CVE-2022-21675

{"id": "CVE-2022-21675", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 6.0, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-01-12T19:15:09.117", "references": [{"url": "https://github.com/Konloch/bytecode-viewer/commit/1ec02658fe6858162f5e6a24f97928de6696c5cb", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Konloch/bytecode-viewer/commit/c968e94b2c93da434a4ecfac6d08eda162d615d0", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Konloch/bytecode-viewer/releases/tag/v2.11.0", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Konloch/bytecode-viewer/security/advisories/GHSA-3wq9-j4fc-4wmc", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Konloch/bytecode-viewer/commit/1ec02658fe6858162f5e6a24f97928de6696c5cb", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Konloch/bytecode-viewer/commit/c968e94b2c93da434a4ecfac6d08eda162d615d0", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Konloch/bytecode-viewer/releases/tag/v2.11.0", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Konloch/bytecode-viewer/security/advisories/GHSA-3wq9-j4fc-4wmc", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (AKA \"Zip Slip\"). The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The Zip Slip vulnerability can affect numerous archive formats, including zip, jar, tar, war, cpio, apk, rar and 7z. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim\u2019s machine. The impact of a Zip Slip vulnerability would allow an attacker to create or overwrite existing files on the filesystem. In the context of a web application, a web shell could be placed within the application directory to achieve code execution. All users should upgrade to BCV v2.11.0 when possible to receive a patch. There are no recommended workarounds aside from upgrading."}, {"lang": "es", "value": "Bytecode Viewer (BCV) es una suite de ingenier\u00eda inversa para Java/Android. Las versiones del paquete anteriores a 2.11.0 son vulnerables a una escritura arbitraria de archivos por medio de la extracci\u00f3n de archivos (tambi\u00e9n se conoce como \"Zip Slip\"). La vulnerabilidad es explotada usando un archivo especialmente dise\u00f1ado que contiene nombres de archivos de navegaci\u00f3n de directorios (por ejemplo, ../../evil.exe). La vulnerabilidad Zip Slip puede afectar a numerosos formatos de archivo, como zip, jar, tar, war, cpio, apk, rar y 7z. El atacante puede entonces sobrescribir los archivos ejecutables e invocarlos remotamente o esperar a que el sistema o el usuario los llame, logrando as\u00ed una ejecuci\u00f3n de comandos remota en la m\u00e1quina de la v\u00edctima. El impacto de una vulnerabilidad de Zip Slip permitir\u00eda a un atacante crear o sobrescribir archivos existentes en el sistema de archivos. En el contexto de una aplicaci\u00f3n web, podr\u00eda colocarse una shell web dentro del directorio de la aplicaci\u00f3n para lograr una ejecuci\u00f3n de c\u00f3digo. Todos los usuarios deber\u00edan actualizar a BCV versi\u00f3n v2.11.0 cuando sea posible para recibir el parche. No se presentan medidas de mitigaci\u00f3n recomendadas aparte de la actualizaci\u00f3n"}], "lastModified": "2024-11-21T06:45:12.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bytecode_viewer_project:bytecode_viewer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E51FE80-DA4D-4D06-8E0E-CA444BF24079", "versionEndExcluding": "2.11.0", "versionStartIncluding": "2.10.16"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}