Source: robocode
Version: 1.9.3.9-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 1.9.3.9-3
Hi,

The following vulnerabilities were published for robocode.

CVE-2025-14306[0]:
| A directory traversal vulnerability exists in the CacheCleaner
| component of Robocode version 1.9.3.6. The recursivelyDelete method
| fails to properly sanitize file paths, allowing attackers to
| traverse directories and delete arbitrary files on the system. This
| vulnerability can be exploited by submitting specially crafted
| inputs that manipulate the file path, leading to potential
| unauthorized file deletions.

https://robo-code.blogspot.com/

CVE-2025-14307[1]:
| An insecure temporary file creation vulnerability exists in the
| AutoExtract component of Robocode version 1.9.3.6. The
| createTempFile method fails to securely create temporary files,
| allowing attackers to exploit race conditions and potentially
| execute arbitrary code or overwrite critical files. This
| vulnerability can be exploited by manipulating the temporary file
| creation process, leading to potential unauthorized actions.

CVE-2025-14308[2]:
| An integer overflow vulnerability exists in the write method of the
| Buffer class in Robocode version 1.9.3.6. The method fails to
| properly validate the length of data being written, allowing
| attackers to cause an overflow, potentially leading to buffer
| overflows and arbitrary code execution. This vulnerability can be
| exploited by submitting specially crafted inputs that manipulate the
| data length, leading to potential unauthorized code execution.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-14306
    https://www.cve.org/CVERecord?id=CVE-2025-14306
    https://github.com/robo-code/robocode/pull/67
[1] https://security-tracker.debian.org/tracker/CVE-2025-14307
    https://www.cve.org/CVERecord?id=CVE-2025-14307
    https://github.com/robo-code/robocode/pull/68
[2] https://security-tracker.debian.org/tracker/CVE-2025-14308
    https://www.cve.org/CVERecord?id=CVE-2025-14308
    https://github.com/robo-code/robocode/pull/70

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
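The three CVE descriptions above name three generic weakness classes: a recursive delete that is not confined to its base directory, a predictable temporary file that can be raced, and a length check that wraps around on large input. The Java below is an added example written for this report to show the standard hardening for each; it is not Robocode's code, the class and method names (SafeFileOps, recursivelyDeleteWithin, createPrivateTempFile, checkBounds) are hypothetical, and the temp-file part assumes a POSIX filesystem because it sets 0600 permissions via a PosixFilePermissions attribute.

```java
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Comparator;
import java.util.stream.Stream;

/**
 * Hypothetical hardening examples for the weakness classes in the report.
 * Example code only; not Robocode's CacheCleaner, AutoExtract or Buffer.
 */
public final class SafeFileOps {

    /**
     * Delete a tree only if it lies strictly below {@code base}.
     * Both paths are resolved to real paths (symlinks followed, ".." collapsed)
     * before the containment test, so neither "../" segments in the input nor a
     * symlink planted inside the cache can steer the delete outside it.
     * Files.walk does not follow links, and Files.delete removes a link itself,
     * not its target.
     */
    public static void recursivelyDeleteWithin(Path base, Path target) throws IOException {
        Path realBase = base.toRealPath();
        Path realTarget = target.toRealPath();
        if (realTarget.equals(realBase) || !realTarget.startsWith(realBase)) {
            throw new SecurityException("refusing to delete outside base dir: " + target);
        }
        try (Stream<Path> walk = Files.walk(realTarget)) {
            walk.sorted(Comparator.reverseOrder())   // children before their parent
                .forEach(p -> {
                    try {
                        Files.delete(p);
                    } catch (IOException e) {
                        throw new UncheckedIOException(e);
                    }
                });
        }
    }

    /**
     * Create a temp file atomically, owner-only (0600), in a directory we control.
     * The JDK picks a random name and creates it exclusively, so an attacker who
     * pre-plants a file or symlink at a guessed name makes the call fail rather
     * than getting their file reused. Assumes a POSIX filesystem for the attribute.
     */
    public static Path createPrivateTempFile(Path dir, String prefix) throws IOException {
        return Files.createTempFile(dir, prefix, ".tmp",
                PosixFilePermissions.asFileAttribute(
                        PosixFilePermissions.fromString("rw-------")));
    }

    /**
     * Overflow-safe bounds check for a write(buf, off, len) style method.
     * Comparing off > buf.length - len instead of off + len > buf.length
     * cannot wrap: with off and len already known non-negative, the right-hand
     * side is always a valid int, whereas off + len overflows for a huge len.
     */
    public static void checkBounds(byte[] buf, int off, int len) {
        if (off < 0 || len < 0 || off > buf.length - len) {
            throw new IndexOutOfBoundsException(
                    "off=" + off + " len=" + len + " capacity=" + buf.length);
        }
    }

    /** Small demonstration on a throwaway directory. */
    public static void main(String[] args) throws IOException {
        Path cache = Files.createTempDirectory("cache-demo");
        Path sub = Files.createDirectories(cache.resolve("robots/1.0"));
        Files.writeString(sub.resolve("a.jar"), "x");

        recursivelyDeleteWithin(cache, cache.resolve("robots"));   // inside base: deleted
        try {
            recursivelyDeleteWithin(cache, cache.resolve("../"));  // resolves above base: rejected
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }

        Path tmp = createPrivateTempFile(cache, "extract-");
        System.out.println(Files.getPosixFilePermissions(tmp));

        checkBounds(new byte[16], 8, 8);                          // exactly fits
        try {
            checkBounds(new byte[16], 8, Integer.MAX_VALUE);      // off + len would wrap
        } catch (IndexOutOfBoundsException e) {
            System.out.println(e.getMessage());
        }

        recursivelyDeleteWithin(cache.getParent(), cache);        // cleanup
    }
}
```

The containment check deliberately rejects the base directory itself, so a caller can never wipe the whole cache root by passing an empty relative path; if that is wanted it should be a separate, explicit operation. On Windows the PosixFilePermissions attribute throws UnsupportedOperationException, so a portable version would drop the attribute and rely on the per-user temp directory instead.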

