81 matches found
CVE-2021-32841 Path Traversal in SharpZipLib
SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that destDir ends with slash. If the destDir is not slash terminated like...
CVE-2021-32841
SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that destDir ends with slash. If the destDir is not slash terminated like...
CVE-2021-32841
CVE-2021-32841 affects SharpZipLib (aka #ziplib). In versions 1.3.0 through 1.3.2, a check to ensure the destination file is under the destination directory could be bypassed if destDir was not slash-terminated (e.g., “/home/user/dir”). This could allow creating a file whose name begins with the ...
CVE-2021-32841 Path Traversal in SharpZipLib
SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that destDir ends with slash. If the destDir is not slash terminated like...
CVE-2021-32842
CVE-2021-32842 affects SharpZipLib (aka #ziplib). The issue is a path traversal flaw where a non-slash-terminated _baseDirectory allows creating a file whose name begins with the destination directory (e.g., /home/user/dir.sh), enabling arbitrary file creation. Versions 1.0.0 through 1.3.2 are af...
CVE-2021-32842 Path Traversal in SharpZipLib
SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that baseDirectory ends with slash. If the baseDirectory is not slash terminated...
CVE-2021-32842
SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that baseDirectory ends with slash. If the baseDirectory is not slash terminated...
CVE-2021-32842 Path Traversal in SharpZipLib
SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that baseDirectory ends with slash. If the baseDirectory is not slash terminated...
CVE-2021-32840
CVE-2021-32840 affects SharpZipLib (aka #ziplib). Before version 1.3.3, a TAR file entry "../evil.txt" could be extracted into the parent directory of a destination folder, enabling arbitrary file write and potentially code execution. The vulnerability is patched in version 1.3.3. In the provided...
CVE-2021-32840
SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3...
CVE-2021-32840 Path Traversal in SharpZipLib
SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3...
CVE-2021-32840 Path Traversal in SharpZipLib
SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3...
SharpZipLib 路径遍历漏洞
SharpZipLib ziplib, formerly known as NZipLib is an open source C compression and decompression library from the ICSharpCode Icsharpcode team for the .NET platform, which supports decompression and compression of Zip, GZip, BZip2, Tar and other formats. SharpZipLib has a security vulnerability th...
SharpZipLib 路径遍历漏洞
SharpZipLib ziplib, formerly known as NZipLib is an open source C compression and decompression library from the ICSharpCode Icsharpcode team for the .NET platform, which supports decompression and compression of Zip, GZip, BZip2, Tar and other formats. SharpZipLib has a security vulnerability th...
SharpZipLib 路径遍历漏洞
SharpZipLib ziplib, formerly known as NZipLib is an open source C compression and decompression library from the ICSharpCode Icsharpcode team for the .NET platform, which supports decompression and compression of Zip, GZip, BZip2, Tar and other formats. A security vulnerability exists in...
Directory Traversal
sharpziplib is vulnerable to directory traversal. The vulnerability exists due to the lack of validation that the destination path is under the expected extraction directory...
Directory Traversal
sharpziplib is vulnerable to directory traversal. The vulnerability exists due to the TAR extraction directory path not enforced to be slash terminated allowing an attacker to create a file with a name thats begins as the destination directory one level up from the directory...
Directory Traversal
sharpziplib is vulnerable to directory traversal. The vulnerability exists due to the TAR extraction directory path not enforced to be slash terminated allowing an attacker to create a file with a name thats begins with the destination directory...
Updated sharpziplib/mono-tools packages fix security vulnerability
Update to sharpziplib 1.3.3 which contains a security fix, and rebuild of mono-tools to use the fixed version...
MGASA-2021-0541 Updated sharpziplib/mono-tools packages fix security vulnerability
Update to sharpziplib 1.3.3 which contains a security fix, and rebuild of mono-tools to use the fixed version...