CVE-2011-4675
Widelands < 15.1 - Path Traversal and Arbitrary File Write via Tilde Expansion
Title source: llmDescription
The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932.
References (3)
Core 3
Core References
Patch, Release Notes, Third Party Advisory x_refsource_confirm
http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71626
Issue Tracking, Third Party Advisory x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960
Scores
EPSS
0.0337
EPSS Percentile
87.3%
Details
CWE
CWE-22
Status
published
Products (1)
widelands/widelands
(20 CPE variants)
Published
Dec 05, 2011
Tracked Since
Feb 18, 2026