CVE-2015-0557 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-0557 Interim 1 9 2025-04-15T23:40:57Z current 2021-05-30T13:26:35Z 2025-04-15T23:40:57Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-0557 Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 unarj unarj as a component of SUSE Linux Enterprise Desktop 11 SP3 unarj as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata unarj as a component of SUSE Linux Enterprise Server 11 SP3 Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive. CVE-2015-0557 SUSE Linux Enterprise Desktop 11 SP3:unarj SUSE Linux Enterprise Server 11 SP1 for Teradata:unarj SUSE Linux Enterprise Server 11 SP3:unarj moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P