CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
35.7%
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that _baseDirectory
ends with slash. If the _baseDirectory is not slash terminated like /home/user/dir
it is possible to create a file with a name thats begins as the destination directory one level up from the directory, i.e. /home/user/dir.sh
. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. Version 1.3.3 fixed this vulnerability.
[
{
"product": "sharpziplib",
"vendor": "icsharpcode",
"versions": [
{
"lessThan": "1.3.3",
"status": "affected",
"version": "1.3.3",
"versionType": "custom"
},
{
"lessThan": "1.0.0*",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
]