Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-44900HistoryDec 06, 2022 - 8:15 p.m.
CVE-2022-44900
2022-12-0620:15:10
Debian Security Bug Tracker
security-tracker.debian.org
27
directory traversal
sevenzipfile.extractall() function
python library
py7zr v0.20.0
arbitrary files
crafted 7z file
unix
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
0.01
Percentile
84.0%
A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | py7zr | < 0.11.3+dfsg-5 | py7zr_0.11.3+dfsg-5_all.deb |
| Debian | 11 | all | py7zr | < 0.11.3+dfsg-1+deb11u1 | py7zr_0.11.3+dfsg-1+deb11u1_all.deb |
| Debian | 999 | all | py7zr | < 0.11.3+dfsg-5 | py7zr_0.11.3+dfsg-5_all.deb |
| Debian | 13 | all | py7zr | < 0.11.3+dfsg-5 | py7zr_0.11.3+dfsg-5_all.deb |
Related
osv
osv
PYSEC-2022-42998
2022-12-06 20:15:00
CVE-2022-44900
2022-12-06 20:15:10
py7zr directory traversal vulnerability
2022-12-06 21:30:45
debian
debian
[SECURITY] [DSA 5652-1] py7zr security update
2024-04-02 18:01:49
cvelist
cvelist
CVE-2022-44900
2022-12-06 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-7030-1)
2024-09-25 00:00:00
Debian: Security Advisory (DSA-5652-1)
2024-04-04 00:00:00
veracode
veracode
Directory Traversal
2022-12-08 10:56:43
githubexploit
githubexploit
Exploit for Path Traversal in Py7Zr Project Py7Zr
2023-01-21 14:52:59
prion
prion
Directory traversal
2022-12-06 20:15:00
cve
cve
CVE-2022-44900
2022-12-06 20:15:10
zdt
zdt
py7zr 0.20.0 Directory Traversal Vulnerability
2022-12-07 00:00:00
ubuntucve
ubuntucve
CVE-2022-44900
2022-12-06 00:00:00
nvd
nvd
CVE-2022-44900
2022-12-06 20:15:10
nessus
nessus
Debian dsa-5652 : python-py7zr-doc - security update
2024-04-02 00:00:00
Ubuntu 22.04 LTS : py7zr vulnerability (USN-7030-1)
2024-09-24 00:00:00
github
github
py7zr directory traversal vulnerability
2022-12-06 21:30:45
packetstorm
packetstorm
py7zr 0.20.0 Directory Traversal
2022-12-07 00:00:00
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
0.01
Percentile
84.0%
Related for DEBIANCVE:CVE-2022-44900