CVE-2021-32842

2022-01-2621:15:13

Debian Security Bug Tracker

security-tracker.debian.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

30.9%

JSON

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that _baseDirectory ends with slash. If the _baseDirectory is not slash terminated like /home/user/dir it is possible to create a file with a name thats begins as the destination directory one level up from the directory, i.e. /home/user/dir.sh. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. Version 1.3.3 fixed this vulnerability.

OSVersionArchitecturePackageVersionFilename
Debian12allmono< 6.8.0.105+dfsg-3.3mono_6.8.0.105+dfsg-3.3_all.deb
Debian11allmono< 6.8.0.105+dfsg-3.3~deb11u1mono_6.8.0.105+dfsg-3.3~deb11u1_all.deb
Debian999allmono< 6.8.0.105+dfsg-3.6mono_6.8.0.105+dfsg-3.6_all.deb
Debian13allmono< 6.8.0.105+dfsg-3.6mono_6.8.0.105+dfsg-3.6_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	mono	< 6.8.0.105+dfsg-3.3	mono_6.8.0.105+dfsg-3.3_all.deb
Debian	11	all	mono	< 6.8.0.105+dfsg-3.3~deb11u1	mono_6.8.0.105+dfsg-3.3~deb11u1_all.deb
Debian	999	all	mono	< 6.8.0.105+dfsg-3.6	mono_6.8.0.105+dfsg-3.6_all.deb
Debian	13	all	mono	< 6.8.0.105+dfsg-3.6	mono_6.8.0.105+dfsg-3.6_all.deb