CVE-2024-25711

Published: Feb 11, 2024

Modified: Nov 4, 2025

PUBLISHED

Description

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361

https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/dfed769904c27d66a14a5903823d9c8c5aae860e

FEDORA-2024-3383326db4

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-25711

Description

Affected Products

References