Upstream information

CVE-2024-25711 at MITRE


diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

SUSE Bugzilla entry: 1220157 [NEW]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • diffoscope >= 261-1.1

SUSE Timeline for this CVE

CVE page created: Sun Feb 18 15:00:05 2024
CVE page last modified: Sun Jun 16 03:06:55 2024