SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item.
References
Link | Resource |
---|---|
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-vgvw-6xcf-qqfc | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2023-01-03 21:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-36943
Mitre link : CVE-2022-36943
CVE.ORG link : CVE-2022-36943
JSON object : View
Products Affected
ssziparchive_project
- ssziparchive