CVE-2011-4675

CVSS 6.4 - MEDIUM
Description

The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932.

Affected Products
20
Vendor Product Version
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
widelands widelands -
References
http://bazaar.launchpad.net/~widelands-dev/widelan...
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=6...
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
http://bazaar.launchpad.net/~widelands-dev/widelan...
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=6...
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
Weakness Types
CWE-22
CVE Information
CVE ID:
CVE-2011-4675
Published:
2011-12-05
Modified:
2026-04-29
CVSS Score:
6.4
Severity:
MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:P
Affected Vendors
widelands
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL