Approved changes feed: RSS · Atom

cpe:2.3:a:amanda:amanda:3.5.1:*:*:*:*:*:*:*

part: a version: 3.5.1 update: *

VendorAmanda (a5cafbf0-03fc-58f5-8d83-d6e37e997977)
ProductAmanda (55d0360e-b89f-58f3-a54d-2881b7512d17)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:bitbucket/acgt/amanda purl2cpe 2026-06-01 10:12:19.467635
pkg:deb/debian/amanda purl2cpe 2026-06-01 10:12:19.467637
pkg:deb/ubuntu/amanda purl2cpe 2026-06-01 10:12:19.467638
pkg:github/zmanda/amanda purl2cpe 2026-06-01 10:12:19.467640
pkg:gitlab/redhat/amanda purl2cpe 2026-06-01 10:12:19.467641
pkg:rpm/centos/amanda purl2cpe 2026-06-01 10:12:19.467642
pkg:rpm/fedora/amanda purl2cpe 2026-06-01 10:12:19.467644
pkg:rpm/opensuse/amanda purl2cpe 2026-06-01 10:12:19.467645
pkg:sourceforge/amanda purl2cpe 2026-06-01 10:12:19.467646

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-37703 vulnerable 2026-06-08 05:47:12.984422 Details available
In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.
Published: 2022-09-13T00:00:00.000Z
Updated: 2025-11-04T16:09:48.244Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.