Platform: python
Component: diffoscope
Fixed in: 76
CVE-2017-0359 is a critical vulnerability affecting diffoscope versions up to 75. This flaw allows an attacker to write arbitrary files to disk based on the contents of an untrusted archive processed by diffoscope. Successful exploitation could lead to system compromise and data corruption. The vulnerability is resolved in version 76.
The core of the vulnerability lies in diffoscope's handling of untrusted archive data. An attacker can craft a malicious archive whose entries are used, without adequate validation, to construct output paths, so that when diffoscope processes the archive it writes files to arbitrary locations on the filesystem. This bypasses the isolation normally expected of an archive-inspection tool and allows the injection of malicious code or the modification of critical system files. The potential impact is significant, ranging from denial of service through file corruption to complete system takeover if the attacker can get the injected content executed. This vulnerability shares similarities with other file-parsing vulnerabilities in which untrusted data is used to construct file paths or commands.
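The defensive counterpart of the flaw described above is a confinement check on every archive member name before anything is written. The following is an added example, not diffoscope's own code or its fix: it resolves each member name against an intended extraction directory and rejects any entry (including absolute names, `..` components, and links) that would land outside it. The destination path and the three-entry in-memory tar archive are constructed sample data.

```python
import io
import os
import tarfile


def is_confined(dest_dir: str, member_name: str) -> bool:
    """Return True only if member_name, joined to dest_dir, resolves inside dest_dir.

    os.path.join discards dest_dir when member_name is absolute, so an absolute
    name naturally fails the prefix comparison below; '..' segments are collapsed
    by realpath and are caught the same way.
    """
    dest_real = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_real, member_name))
    return target == dest_real or target.startswith(dest_real + os.sep)


def confined_members(tar: tarfile.TarFile, dest_dir: str) -> list:
    """Return the members that are safe to materialise under dest_dir.

    Symbolic and hard links are skipped entirely: even a link whose own name is
    confined can redirect a later write to an arbitrary location.
    """
    safe = []
    for member in tar.getmembers():
        if member.issym() or member.islnk():
            continue
        if not is_confined(dest_dir, member.name):
            continue
        safe.append(member)
    return safe


def build_sample_archive() -> bytes:
    """Constructed in-memory tar: one confined entry and two entries that escape."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("inside/readme.txt", "../escape.txt", "/abs/escape.txt"):
            data = b"sample"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def audit_sample(dest_dir: str = "/tmp/extract-root") -> dict:
    """Classify every member of the sample archive as accepted or rejected.

    dest_dir is a hypothetical extraction directory; it does not need to exist,
    because realpath works on non-existent paths.
    """
    result = {"accepted": [], "rejected": []}
    with tarfile.open(fileobj=io.BytesIO(build_sample_archive()), mode="r") as tar:
        allowed = {m.name for m in confined_members(tar, dest_dir)}
        for member in tar.getmembers():
            bucket = "accepted" if member.name in allowed else "rejected"
            result[bucket].append(member.name)
    return result


if __name__ == "__main__":
    for bucket, names in audit_sample().items():
        print(bucket, names)
```

The check is deliberately applied to the final resolved path rather than to the raw name, so encodings such as `a/../../x` are treated the same as a bare `../x`. On Python 3.12 and later the standard library's `tarfile` extraction filters (`filter="data"`) perform an equivalent confinement check; the explicit version above shows what such a filter has to enforce and works on older interpreters.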
CVE-2017-0359 was publicly disclosed on July 13, 2018. While no active exploitation campaigns have been definitively linked to this CVE, the critical severity and potential for remote code execution make it a high-priority concern. There are publicly available proof-of-concept exploits demonstrating the arbitrary file write capability. It is not listed on CISA KEV as of this writing.
Exploit Status
EPSS: 0.59% (69th percentile)
CVSS Vector
The primary mitigation for CVE-2017-0359 is to upgrade diffoscope to version 76 or later, which contains the fix. If upgrading is not immediately feasible, restrict the archives that diffoscope processes to those from trusted sources, and run it under a dedicated low-privilege account with strict filesystem permissions so that an unexpected write cannot reach sensitive locations. A WAF or proxy cannot directly mitigate this vulnerability, but such components can be configured to monitor for unusual file access patterns or suspicious file names that might indicate exploitation. No specific Sigma or YARA rules are readily available for this vulnerability, so monitoring filesystem activity for unexpected modifications outside diffoscope's working directory is recommended.
No official patch available. Check for workarounds or monitor for updates.
CVE-2017-0359 is a critical vulnerability in diffoscope versions up to 75 that allows an attacker to write arbitrary files to disk based on the contents of an untrusted archive.
You are affected if you are using diffoscope version 75 or earlier and process untrusted archive files.
Upgrade diffoscope to version 76 or later to remediate the vulnerability. Restrict processing of untrusted archives as a temporary workaround.
While no active campaigns have been definitively linked, the critical severity and available proof-of-concept exploits suggest a potential risk.
Refer to the diffoscope project's security advisories and release notes on their official website or GitHub repository for details.