Lucene search
GoogleOSV:CVE-2021-32841HistoryJan 26, 2022 - 10:15 p.m.
CVE-2021-32841
2022-01-2622:15:07
Google
osv.dev
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that destDir ends with slash. If the destDir is not slash terminated like /home/user/dir it is possible to create a file with a name thats begins with the destination directory, i.e. /home/user/dir.sh. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. Version 1.3.3 contains a patch for this vulnerability.
Related
veracode
veracode
Directory Traversal
2021-12-09 05:15:53
osv
osv
Path Traversal in SharpZipLib
2022-02-01 16:22:57
cve
cve
CVE-2021-32841
2022-01-26 22:15:07
ubuntucve
ubuntucve
CVE-2021-32841
2022-01-26 00:00:00
github
github
Path Traversal in SharpZipLib
2022-02-01 16:22:57
prion
prion
Arbitrary file deletion
2022-01-26 22:15:00
cvelist
cvelist
CVE-2021-32841 Path Traversal in SharpZipLib
2022-01-26 21:10:15
nvd
nvd
CVE-2021-32841
2022-01-26 22:15:07
debiancve
debiancve
CVE-2021-32841
2022-01-26 22:15:07