SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item.
References
Link | Resource |
---|---|
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-vgvw-6xcf-qqfc | Exploit Third Party Advisory |
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-vgvw-6xcf-qqfc | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:14
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-vgvw-6xcf-qqfc - Exploit, Third Party Advisory |
Information
Published : 2023-01-03 21:15
Updated : 2024-11-21 07:14
NVD link : CVE-2022-36943
Mitre link : CVE-2022-36943
CVE.ORG link : CVE-2022-36943
JSON object : View
Products Affected
ssziparchive_project
- ssziparchive