3 matches found
CVE-2026-45380 bit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymlink()`
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform,...
CVE-2026-45380
The CVE-2026-45380 issue affects bit7z (a cross-platform C++ static library for archive handling). A one-byte off-by-one bug in SafeOutPathBuilder::restoreSymlink() (prior to 4.0.12) enables crafting a .7z archive that, when extracted on non-Windows, creates a symlink escaping the extraction dire...
bit7z 路径遍历漏洞
bit7z is a file compression/uncompression tool developed by Riccardo as an individual project. Versions of bit7z prior to 4.0.12 contained a path traversal vulnerability. This vulnerability stemmed from a one-byte error in the SafeOutPathBuilder::restoreSymlink function, which could allow attacke...