← Back to CVE List

CVE-2024-6759

Published: 2024-08-12T13:38Z
Last Modified: 2024-11-21T09:50Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components. The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt