CVE-2015-0858

LOW

Debian Linux - Symlink Following

Title source: rule

Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.

Core 2

Core References

Third Party Advisory vendor-advisory x_refsource_debian

Patch x_refsource_confirm

CVSS v3 3.3

EPSS 0.0037

EPSS Percentile 28.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-59

Status published

Products (2)

debian/debian_linux 8.0

tardiff_project/tardiff

Published May 06, 2016

Tracked Since Feb 18, 2026