CVE-2017-8921

HIGH

FlightGear <2017.2.1 - Path Traversal

Description

In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956.

References (1)

Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://sourceforge.net/p/flightgear/flightgear/ci/faf872e7f71ca14c567ac7080561fc785d8d2fd0/

Scores

CVSS v3 7.5
EPSS 0.0142
EPSS Percentile 69.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-22
Status published
Products (1)
flightgear/flightgear < 2017.2
Published May 12, 2017
Tracked Since Feb 18, 2026