CVE-2021-29488

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-29488

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-29488.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-29488

Related

GHSA-jwj3-wrvf-v3rp
UBUNTU-CVE-2021-29488

Published

2021-05-07T15:15:07Z

Modified

2025-01-08T08:04:24.285304Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the filesystem.renamer() function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround, limit downloads to NZBs without PAR2 files, deny write permissions to the SABnzbd process outside areas it must access to perform its job, or update to a fixed version.

References

Affected packages

Debian:11 / sabnzbdplus

Package

Name: sabnzbdplus
Purl: pkg:deb/debian/sabnzbdplus?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.1+dfsg-2+deb11u1

Affected versions

0.*

0.4.9-1

0.4.11-1

0.4.12-1

0.5.0-1

0.5.0-2

0.5.2-1

0.5.3-1

0.5.4-1

0.5.5-1

0.5.6-1

0.6.2-1

0.6.4-1

0.6.6-1

0.6.7-1

0.6.8-1

0.6.9-1

0.6.10-1

0.6.14-1

0.6.15-1

0.7.2-1

0.7.3-1

0.7.4-1

0.7.5-1

0.7.6-1

0.7.8-1

0.7.9-1

0.7.11-1

0.7.13-1

0.7.16-1

0.7.18-1

0.7.20-1

0.7.20+dfsg-1

1.*

1.0.2+dfsg-1

1.0.3+dfsg-1

1.0.3+dfsg-2

1.1.1+dfsg-1

2.*

2.3.1+dfsg-1

2.3.2+dfsg-1

2.3.4+dfsg-1

2.3.6+dfsg-1

3.*

3.0.0~0git20200408+dfsg-1

3.1.1+dfsg-1

3.1.1+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / sabnzbdplus

Package

Name: sabnzbdplus
Purl: pkg:deb/debian/sabnzbdplus?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.1+dfsg-1

Affected versions

0.*

0.4.9-1

0.4.11-1

0.4.12-1

0.5.0-1

0.5.0-2

0.5.2-1

0.5.3-1

0.5.4-1

0.5.5-1

0.5.6-1

0.6.2-1

0.6.4-1

0.6.6-1

0.6.7-1

0.6.8-1

0.6.9-1

0.6.10-1

0.6.14-1

0.6.15-1

0.7.2-1

0.7.3-1

0.7.4-1

0.7.5-1

0.7.6-1

0.7.8-1

0.7.9-1

0.7.11-1

0.7.13-1

0.7.16-1

0.7.18-1

0.7.20-1

0.7.20+dfsg-1

1.*

1.0.2+dfsg-1

1.0.3+dfsg-1

1.0.3+dfsg-2

1.1.1+dfsg-1

2.*

2.3.1+dfsg-1

2.3.2+dfsg-1

2.3.4+dfsg-1

2.3.6+dfsg-1

3.*

3.0.0~0git20200408+dfsg-1

3.1.1+dfsg-1

3.1.1+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / sabnzbdplus

Package

Name: sabnzbdplus
Purl: pkg:deb/debian/sabnzbdplus?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.1+dfsg-1

Affected versions

0.*

0.4.9-1

0.4.11-1

0.4.12-1

0.5.0-1

0.5.0-2

0.5.2-1

0.5.3-1

0.5.4-1

0.5.5-1

0.5.6-1

0.6.2-1

0.6.4-1

0.6.6-1

0.6.7-1

0.6.8-1

0.6.9-1

0.6.10-1

0.6.14-1

0.6.15-1

0.7.2-1

0.7.3-1

0.7.4-1

0.7.5-1

0.7.6-1

0.7.8-1

0.7.9-1

0.7.11-1

0.7.13-1

0.7.16-1

0.7.18-1

0.7.20-1

0.7.20+dfsg-1

1.*

1.0.2+dfsg-1

1.0.3+dfsg-1

1.0.3+dfsg-2

1.1.1+dfsg-1

2.*

2.3.1+dfsg-1

2.3.2+dfsg-1

2.3.4+dfsg-1

2.3.6+dfsg-1

3.*

3.0.0~0git20200408+dfsg-1

3.1.1+dfsg-1

3.1.1+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/sabnzbd/sabnzbd

Affected ranges

Type: GIT
Repo: https://github.com/sabnzbd/sabnzbd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

008794089866a0fa5fd39818806d34e9d0d8098d

Affected versions

0.*

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.6.8RC1

0.6.9

0.6.9RC1

0.6.9RC2

0.7.0

0.7.0Alpha1

0.7.0Alpha2

0.7.0Alpha3

0.7.0Beta1

0.7.0Beta2

0.7.0Beta3

0.7.0Beta4

0.7.0Beta5

0.7.0Beta6

0.7.0Beta7

0.7.0Beta8

0.7.0RC1

0.7.0RC2

0.7.1

0.7.10

0.7.10RC1

0.7.11

0.7.11RC1

0.7.11RC2

0.7.1RC1

0.7.1RC2

0.7.1RC3

0.7.1RC4

0.7.1RC5

0.7.2

0.7.2RC1

0.7.2RC2

0.7.3

0.7.3Beta1

0.7.3Beta2

0.7.3RC1

0.7.4

0.7.4Beta1

0.7.4Beta2

0.7.4Beta3

0.7.4RC1

0.7.4RC2

0.7.5

0.7.5RC1

0.7.6

0.7.6Beta1

0.7.6Beta2

0.7.6Final

0.7.7

0.7.8

0.7.8RC1

0.7.9

0.7.9RC1

0.8.0Alpha1

0.8.0Alpha2

0.8.0Beta1

0.8.0Beta2

0.8.0Beta3

0.8.0Beta4

0.8.0Beta5

0.8.0Beta6

1.*

1.0.0

1.0.0RC1

1.0.0RC2

1.0.0RC3

1.0.0RC4

1.0.0RC5

1.0.1

1.0.1RC1

1.0.2

1.0.3

1.1.0

1.1.0Beta1

1.1.0RC1

1.1.0RC2

1.1.0RC3

1.1.0RC4

1.2.0

1.2.0Beta1

1.2.0RC1

1.2.1

1.2.1Beta1

1.2.1RC1

1.2.2

1.2.3

2.*

2.0.0

2.0.0Alpha1

2.0.0Beta1

2.0.0RC1

2.0.0RC2

2.0.0RC3

2.0.1

2.0.1RC1

2.0.1RC2

2.1.0

2.1.0Beta1

2.1.0RC1

2.2.0

2.2.0Alpha1

2.2.0Alpha2

2.2.0Alpha3

2.2.0Beta1

2.2.0Beta2

2.2.0RC1

2.2.0RC2

2.2.0RC3

2.2.1

2.2.1RC1

2.2.1RC2

2.3.0

2.3.0Alpha1

2.3.0Alpha2

2.3.0RC1

2.3.0RC2

2.3.1

2.3.1Beta1

2.3.1RC1

2.3.1RC2

2.3.2

2.3.2RC1

2.3.2RC2

2.3.3

2.3.3Beta1

2.3.3RC1

2.3.3RC2

2.3.4

2.3.4RC1

2.3.5

2.3.5RC1

2.3.5RC2

2.3.6

2.3.6Beta1

2.3.6RC1

2.3.7

2.3.7Beta1

2.3.7RC1

2.3.8

2.3.8Beta1

2.3.8RC1

2.3.9

2.3.9RC1

2.3.9RC2

3.*

3.0.0Alpha1

3.0.0Alpha2

3.0.0Beta1

3.0.0Beta2

3.0.0Beta3

3.0.0Beta4

3.0.0RC1

3.0.0RC2