Security Advisory

CVE-2024-25711

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-11 00:00:00

Last updated 2025-11-04 18:29:37

Assigner mitre

State PUBLISHED

Description

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.

← Browse all CVEs View on cve.org ↗