GitHub Advisory Database: GHSA-8C8W-F7WP-2JR2
Sep 20, 2023 - 6:30 a.m.

Sender can cause a receiver to overwrite files during ZIP extraction in Croc

2023-09-20 06:30:50
CWE-22
GitHub Advisory Database
github.com
croc software
zip extraction
file overwrite

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 31.7%

An issue was discovered in Croc before 9.6.16. A sender can cause a receiver to overwrite files during ZIP extraction.

Affected configurations

Vulners
Node: schollz croc, Range: <9.6.16

Vendor: schollz
Product: croc
Version: *
CPE: cpe:2.3:a:schollz:croc:*:*:*:*:*:*:*:*
