{"id":"CVE-2023-28371","details":"In Stellarium through 1.2, attackers can write to files in locations that are typically unintended, such as paths given as absolute pathnames or paths containing .. directory traversal sequences.","modified":"2026-04-16T04:39:59.782406164Z","published":"2023-03-15T04:15:11.603Z","related":["openSUSE-SU-2023:0097-1","openSUSE-SU-2024:12819-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KG6UNRAOYZJSMIUELY3MMJ5J6LIUZXLT/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/REDZB5J7WDN2P3NYWFO2NNJXSTOFUUKM/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQ4ZGY5MDDHBEOQTD4IIA2RFID3ATPXA/"},{"type":"FIX","url":"https://github.com/Stellarium/stellarium/commit/787a894897b7872ae96e6f5804a182210edd5c78"},{"type":"FIX","url":"https://github.com/Stellarium/stellarium/commit/eba61df3b38605befcb43687a4c0a159dbc0c5cb"},{"type":"FIX","url":"https://github.com/Stellarium/stellarium/commit/1261f74dc4aa6bbd01ab514343424097f8cf46b7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/Stellarium/stellarium","events":[{"introduced":"0"},{"last_affected":"02ff75f91f14d9b03f2c9e68cf49f7cc2fda1241"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.2"}]}},{"type":"GIT","repo":"https://github.com/stellarium/stellarium","events":[{"introduced":"0"},{"fixed":"1261f74dc4aa6bbd01ab514343424097f8cf46b7"},{"fixed":"787a894897b7872ae96e6f5804a182210edd5c78"},{"fixed":"eba61df3b38605befcb43687a4c0a159dbc0c5cb"}]}],"versions":["stellarium-0-10-5","stellarium-0-10-6","stellarium-0-11-1","stellarium-0-11-4","stellarium-0-12-0","stellarium-0-12-2","v0.13.0","v0.13.1","v0.13.2","v0.13.3","v0.14.0","v0.15.1","v0.15.2","v0.17.0","v0.18.0","v0.18.1","v0.18.2","v0.18.3","v0.19.0","v0.19.1","v0.19.2","v0.19.3","v0.20.0","v0.20.1","v0.20.2","v0.20.3","v0.20.4"
,"v0.21.0","v0.21.1","v0.21.2","v0.21.3","v0.22.0","v0.22.1","v0.22.2","v1.0","v1.1","v1.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28371.json","vanir_signatures_modified":"2026-04-12T19:59:20Z","vanir_signatures":[{"target":{"file":"src/scripting/StelScriptOutput.cpp"},"deprecated":false,"source":"https://github.com/stellarium/stellarium/commit/1261f74dc4aa6bbd01ab514343424097f8cf46b7","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["53595911243962978289097606874560180509","293395051054113567024356363208871279662","277366325286761857587680373391222403243","326000818959828191746522077654869192597","321196918525093113140481920217655512467","49804637547268882389531205692097127618","8251690121638052968625757094808258975","227885338067719686680642889369989673852","260028020935460372288900778611912583645","285304267391085082180688825084999977765"]},"signature_version":"v1","id":"CVE-2023-28371-0b8fadf2"},{"target":{"file":"src/scripting/StelScriptMgr.cpp","function":"StelScriptMgr::prepareScript"},"deprecated":false,"source":"https://github.com/stellarium/stellarium/commit/787a894897b7872ae96e6f5804a182210edd5c78","signature_type":"Function","digest":{"function_hash":"131332367628456435425101018616263713921","length":902},"signature_version":"v1","id":"CVE-2023-28371-15ce15ca"},{"source":"https://github.com/stellarium/stellarium/commit/787a894897b7872ae96e6f5804a182210edd5c78","deprecated":false,"target":{"file":"src/scripting/StelScriptMgr.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["303728221691636449943264520387451255611","230593902007787674813693250773976150493","47734859198094678558152211540333167652","80109637601504723391936480294380986871","163872197253603741743954915001860651362","297296004080001500511029935947468487813","155052478432239960793641630636852702531","213676796580655752738783123126089560460","89595302175403460667463594222316883698","24390160935603
9433882450771152910768172","178319565779063195393059642092299999817"]},"signature_version":"v1","id":"CVE-2023-28371-3f2eaa78"},{"target":{"file":"src/scripting/StelScriptOutput.cpp","function":"StelScriptOutput::saveOutputAs"},"deprecated":false,"source":"https://github.com/stellarium/stellarium/commit/1261f74dc4aa6bbd01ab514343424097f8cf46b7","signature_type":"Function","digest":{"function_hash":"146475479337413929294242098548304653544","length":1199},"signature_version":"v1","id":"CVE-2023-28371-b0525867"},{"target":{"file":"src/scripting/StelScriptMgr.cpp","function":"StelScriptMgr::runScript"},"deprecated":false,"source":"https://github.com/stellarium/stellarium/commit/787a894897b7872ae96e6f5804a182210edd5c78","signature_type":"Function","digest":{"function_hash":"311995360783414358128085318359061088311","length":163},"signature_version":"v1","id":"CVE-2023-28371-f18649be"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}