CVE-2024-10933

In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/022_readdir.patch.sig	Patch
https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/009_readdir.patch.sig	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:openbsd:openbsd::::::::
	cpe:2.3:o:openbsd:openbsd:7.4:-::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_001::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_002::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_003::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_004::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_005::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_006::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_007::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_008::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_009::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_010::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_011::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_012::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_013::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_014::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_015::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_016::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_017::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_018::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_019::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_020::::::
	cpe:2.3:o:openbsd:openbsd:7.4:errata_021::::::

History

23 Sep 2025, 12:54

Type	Values Removed	Values Added
References	~~() https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/022_readdir.patch.sig -~~	() https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/022_readdir.patch.sig - Patch
References	~~() https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/009_readdir.patch.sig -~~	() https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/009_readdir.patch.sig - Patch
First Time		Openbsd openbsd Openbsd
Summary		(es) En OpenBSD 7.5 antes de la errata 009 y OpenBSD 7.4 antes de la errata 022, excluya cualquier '/' en la validación del nombre readdir para evitar un directory traversal inesperado en sistemas de archivos que no sean de confianza.
CPE		cpe:2.3:o:openbsd:openbsd:7.4:errata_003:::::: cpe:2.3:o:openbsd:openbsd:::::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_011:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_006:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_019:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_012:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_021:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_014:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_004:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_009:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_013:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_015:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_016:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_007:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_001:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_002:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_008:::::: cpe:2.3:o:openbsd:openbsd:7.4:-:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_018:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_005:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_020:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_017:::::: cpe:2.3:o:openbsd:openbsd:7.4:errata_010::::::

05 Dec 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-05 20:15

Updated : 2025-09-23 12:54

NVD link : CVE-2024-10933

Mitre link : CVE-2024-10933

CVE.ORG link : CVE-2024-10933

JSON object : View

Products Affected

openbsd

openbsd

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

5.0 /10