CVE-2020-29050

NameCVE-2020-29050
DescriptionSphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2882-1, DSA-5036-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sphinxsearch (PTS)stretch (security), stretch (lts), stretch2.2.11-1.1+deb9u1fixed
buster (security), buster, buster (lts)2.2.11-2+deb10u1fixed
sid, trixie, bookworm2.2.11-8fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sphinxsearchsourcestretch2.2.11-1.1+deb9u1DLA-2882-1
sphinxsearchsourcebuster2.2.11-2+deb10u1DSA-5036-1
sphinxsearchsource(unstable)2.2.11-3

Notes

Backported for sphinxsearch from: https://github.com/manticoresoftware/manticoresearch/commit/66b5761ad258c60b1866a8e1333f86e74f48035
and https://github.com/manticoresoftware/manticoresearch/commit/6e597ff61e1e910559f6ed541ff32520085af6aa
Backported patch: https://salsa.debian.org/debian/sphinxsearch/-/blob/4d6fe40644130308604845db43d3588e715ec85d/debian/patches/06-CVE-2020-29050.patch

Search for package or bug name: Reporting problems