CVE-2007-1799
ktorrent - directory traversal
EPSS 1.3%
Description
Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384.
How to fix CVE-2007-1799
To remediate CVE-2007-1799, upgrade the affected package to one of the fixed versions listed below.
- Debian/ktorrent—upgrade to 2.1.4.dfsg.1-1 or later
- Debian/ktorrent—upgrade to 2.0.3+dfsg1-2etch1 or later
- —upgrade to 2.0.3+dfsg1-2.2etch1 or later
Is CVE-2007-1799 being exploited?
Low — EPSS is 1.3%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.1.4.dfsg.1-1
- from 0, < 2.0.3+dfsg1-2etch1
- from 0, < 2.0.3+dfsg1-2.2etch1