Lucene search

K
osvGoogleOSV:CVE-2019-10743
HistoryOct 29, 2019 - 7:15 p.m.

CVE-2019-10743

2019-10-2919:15:16
Google
osv.dev
12

7.6 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.7%

All versions of archiver allow attacker to perform a Zip Slip attack via the โ€œunarchiveโ€ functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a โ€œโ€ฆ/โ€ฆ/file.exeโ€ location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.

7.6 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.7%