Lucene search
GoogleOSV:CVE-2021-32842HistoryJan 26, 2022 - 9:15 p.m.
CVE-2021-32842
2022-01-2621:15:13
Google
osv.dev
1
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that _baseDirectory ends with slash. If the _baseDirectory is not slash terminated like /home/user/dir it is possible to create a file with a name thats begins as the destination directory one level up from the directory, i.e. /home/user/dir.sh. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. Version 1.3.3 fixed this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sharpziplib | eq | 1.3.1 | |
| sharpziplib | eq | 1.3.2 | |
| sharpziplib | eq | 1.3.0 | |
| sharpziplib | eq | 1.1.0 | |
| sharpziplib | eq | 1.2.0 | |
| sharpziplib | eq | 1.0.0 |
Related
prion
prion
Arbitrary file deletion
2022-01-26 21:15:00
osv
osv
Path Traversal in SharpZipLib
2022-02-01 16:23:00
nvd
nvd
CVE-2021-32842
2022-01-26 21:15:13
cvelist
cvelist
CVE-2021-32842 Path Traversal in SharpZipLib
2022-01-26 21:10:10
github
github
Path Traversal in SharpZipLib
2022-02-01 16:23:00
debiancve
debiancve
CVE-2021-32842
2022-01-26 21:15:13
veracode
veracode
Directory Traversal
2021-12-09 06:25:02
cve
cve
CVE-2021-32842
2022-01-26 21:15:13
ubuntucve
ubuntucve
CVE-2021-32842
2022-01-26 00:00:00