Platform: python
Component: diffoscope
Fixed in: 76
CVE-2017-0359 is a critical vulnerability affecting diffoscope versions up to 75. When diffoscope processes an archive from an untrusted source, data inside that archive can cause files to be written to attacker-chosen locations on disk. Successful exploitation can corrupt data and, if the attacker can drop a file somewhere the system later executes or trusts, lead to compromise of the host. The vulnerability is resolved in version 76.
The core of the vulnerability lies in diffoscope's handling of untrusted archive data. To compare archives, diffoscope unpacks their members to a working directory, and the destination path was derived from data the archive itself supplies. That is the same bug class as other file-parsing vulnerabilities where untrusted input is used to build file paths: an attacker crafts an archive with specially designed entries that, when processed, escape the intended extraction directory and write to arbitrary locations on the filesystem (the page does not give member-level details of the malicious entries). Escaping the working directory bypasses the implicit containment a temporary directory provides and lets the attacker overwrite configuration, plant code in a location that is later executed, or corrupt critical files. Two practical caveats: the writes happen with the privileges of the user running diffoscope, so the blast radius is bounded by that account (and unbounded if it is root), and the attacker needs no network access to diffoscope at all, only a way to get a malicious archive in front of it.
CVE-2017-0359 was publicly disclosed on July 13, 2018. No active exploitation campaigns have been definitively linked to this CVE, but the critical severity and the realistic path from arbitrary file write to code execution make it a high-priority concern. Publicly available proof-of-concept code demonstrates the arbitrary file write. It is not listed on CISA KEV as of this writing.
Systems that run diffoscope against archives from untrusted sources are at risk. This includes security researchers, forensic analysts, and developers who rely on diffoscope to compare or inspect artefacts they did not build themselves, as well as build-comparison pipelines fed by outside contributors. Shared hosting or multi-tenant environments where diffoscope is installed and used to process user-uploaded archives are particularly exposed, because one tenant's archive can write into paths belonging to the service.
• python / general: Monitor diffoscope invocations for unusual arguments or input paths. Running processes can be listed with pgrep -af diffoscope, but diffoscope runs are short-lived, so also audit the command lines recorded by whatever launches it (CI job logs, cron, shell history).
• python / general: Check for unexpected files appearing in sensitive directories (e.g., /etc, /usr/bin, cron and systemd unit directories) that may have been written by a malicious archive. find /etc /usr/bin -type f -mmin -60 lists recent changes, and the package manager's verification (debsums -c on Debian-based systems, rpm -Va on RPM-based ones) flags modified package-owned files.
• python / general: Review the logs of the jobs that run diffoscope for tracebacks or file-write errors during archive processing. diffoscope is a command-line tool, not a daemon, so there is normally no systemd unit to query with journalctl; the relevant output is in the calling job's log.
• python / general: If diffoscope is used in automated pipelines, screen the source archives before they are processed. Member names containing parent-directory components, absolute paths, or links pointing outside the archive root are the signs of tampering to look for.
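The following is an added example, not diffoscope's own code, illustrating both the bug class described above (an output path built directly from an untrusted archive member name) and the pre-screening check recommended for pipelines. It constructs a small sample tarball in memory with illustrative member names (parent traversal, an absolute path, and a symlink followed by a write through it); these are not exploit files for any particular diffoscope version. The safe extractor refuses any member whose final location does not resolve under the destination directory and never materialises links or special files.

```python
"""Pre-screening and safe extraction for archives handed to a tool such as
diffoscope. Added example, not diffoscope's own code: it shows the bug class
(destination path built from untrusted member names) and the containment
check that closes it. The sample archive is constructed in memory."""
import io
import os
import tarfile
import tempfile


def _add_file(tar, name, data):
    # Helper: append a regular-file member with an attacker-controlled name.
    info = tarfile.TarInfo(name=name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def build_sample_archive() -> bytes:
    """Constructed sample: one benign member plus the entry shapes this bug
    class abuses (parent traversal, absolute path, symlink then write-through).
    Illustrative names only, not an exploit for any diffoscope version."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        _add_file(tar, "pkg/README", b"benign content\n")
        _add_file(tar, "../../escaped.txt", b"traversal via ..\n")
        _add_file(tar, "/tmp/absolute.txt", b"absolute path\n")
        link = tarfile.TarInfo(name="pkg/link")  # symlink pointing outside dest
        link.type = tarfile.SYMTYPE
        link.linkname = "../../../outside"
        tar.addfile(link)
        _add_file(tar, "pkg/link/payload", b"would land outside via the link\n")
    return buf.getvalue()


def naive_target(dest: str, name: str) -> str:
    """The vulnerable pattern: destination built straight from the member name.
    os.path.join discards dest entirely for an absolute name, and '..' walks out."""
    return os.path.join(dest, name)


def resolves_inside(dest: str, path: str) -> bool:
    """Containment check: after resolving symlinks and '..', is path under dest?"""
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(path)
    return os.path.commonpath([dest_real, target]) == dest_real


def safe_extract(archive: bytes, dest: str):
    """Extract only regular files and directories whose final location is under
    dest. Returns (written, rejected) member-name lists; a non-empty rejected
    list is the signal to alarm on before the archive reaches diffoscope."""
    written, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for info in tar:
            target = naive_target(dest, info.name)
            if not resolves_inside(dest, target):
                rejected.append(info.name)
                continue
            if not (info.isfile() or info.isdir()):
                # Links, devices and FIFOs are never materialised: a symlink
                # created here could redirect a later member's write outside dest.
                rejected.append(info.name)
                continue
            if info.isdir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with tar.extractfile(info) as src, open(target, "wb") as out:
                    out.write(src.read())
            written.append(info.name)
    return written, rejected


def demo() -> dict:
    """Run the safe extractor on the sample in a throwaway directory."""
    dest = tempfile.mkdtemp(prefix="screen-")
    written, rejected = safe_extract(build_sample_archive(), dest)
    with open(os.path.join(dest, "pkg", "README"), "rb") as f:
        readme = f.read()
    return {
        "written": written,
        "rejected": rejected,
        "readme": readme,
        # The symlink was refused, so pkg/link is a plain directory here.
        "link_is_symlink": os.path.islink(os.path.join(dest, "pkg", "link")),
    }


if __name__ == "__main__":
    for name in ("../../escaped.txt", "/tmp/absolute.txt"):
        print("naive target:", os.path.normpath(naive_target("/var/tmp/work", name)))
    print(demo())
```

Running the block prints where the naive pattern would have written the two escaping members (outside /var/tmp/work entirely) and then the result of the safe extraction: only pkg/README and pkg/link/payload are written, and the latter lands in a real directory because the symlink that would have redirected it was dropped. The same check can be run in screen-only mode (collect the rejected list, write nothing) as a gate in a pipeline that later calls diffoscope.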
Exploit status: disclosure
EPSS: 0.59% (69th percentile)
The primary mitigation for CVE-2017-0359 is to upgrade diffoscope to version 76 or later, which contains the fix. If upgrading is not immediately feasible, feed diffoscope only archives from trusted sources, and run it as a dedicated unprivileged user in an empty working directory or container so that an escaped write cannot reach system paths; strict filesystem permissions bound the impact of any write that does occur. A WAF or proxy cannot mitigate this vulnerability, because the attack surface is a file diffoscope opens locally rather than a network request; the useful monitoring is on the filesystem, for example auditd watches on sensitive directories or a file-integrity check after each diffoscope run. There are no specific Sigma or YARA rules readily available for this vulnerability.
The fix is available upstream in diffoscope 76; upgrade rather than relying on workarounds.
CVE-2017-0359 is a critical vulnerability in diffoscope versions up to 75 that allows an attacker to write arbitrary files to disk based on the contents of an untrusted archive.
You are affected if you are using diffoscope versions 75 or earlier and process untrusted archive files.
Upgrade diffoscope to version 76 or later to remediate the vulnerability. Restrict processing of untrusted archives as a temporary workaround.
While no active campaigns have been definitively linked to it, the severity and the existence of public proof-of-concept code mean that unpatched installations processing untrusted archives should be treated as at risk.
Refer to the diffoscope project's security advisories and release notes on their official website or GitHub repository for details.