VIR Vulnerability Intelligence Relay

CVE-2015-0858

low
Published 2016-05-06 · Modified 2026-05-06
CVSS v3
3.3
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS v2
2.1
VIR risk
3.3

Description

Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.

Predictions

Exploit likelihood
34%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2015-0858

OS impact
OSVersionStatusFixed in
debian debian8.0affected
debian debianbookwormfixed0.1-3
debian debianbullseyefixed0.1-3
debian debianforkyfixed0.1-3
debian debiansidfixed0.1-3
debian debiantrixiefixed0.1-3

Application impact
VendorProductVersionsFixed
tardiff_projecttardiff-

References

CWEs

CWE-59

Verify integrity in audit chain (admin only). AS-IS.