33 matches found
CVE-2026-44788
SharpCompress is a fully managed C library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be...
CVE-2026-44788
SharpCompress is a fully managed C library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be...
CVE-2026-44788 SharpCompress: Directory traversal via directory entries in WriteToDirectory (zip slip variant)
SharpCompress is a fully managed C library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be...
CVE-2026-44788
SharpCompress CVE-2026-44788 describes a path traversal vulnerability in IArchive.WriteToDirectory() (and WriteToDirectoryAsync) that lets untrusted archives create directories outside the extraction root for ZIP and TAR. TAR could escalate to arbitrary file writes via a symlink chain if a Symbol...
CVE-2026-44788 SharpCompress: Directory traversal via directory entries in WriteToDirectory (zip slip variant)
SharpCompress is a fully managed C library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be...
CVE-2026-44788
SharpCompress is a fully managed C library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be...
SharpCompress 路径遍历漏洞
SharpCompress is a pure C compression library developed by Adam Hathcock. It is compatible with.NET Standard 2.0, 2.1,.NET Core 3.1, and.NET 5.0. Versions of SharpCompress prior to 0.47.4 contained a path traversal vulnerability; this vulnerability stemmed from the IArchive.WriteToDirectory...
GHSA-6C8G-7P36-R338 SharpCompress has directory traversal via directory entries in WriteToDirectory (zip slip variant)
Summary A path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escalated to arbitrary file writes by chaining with a symlink entry, giving a full write primitive on the target...
SharpCompress has directory traversal via directory entries in WriteToDirectory (zip slip variant)
Summary A path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escalated to arbitrary file writes by chaining with a symlink entry, giving a full write primitive on the target...
Directory Traversal
Overview SharpCompress is a compression library for NET Standard 2.0/2.1/NET 5.0 that can unrar, decompress 7zip, decompress xz, zip/unzip, tar/untar lzip/unlzip, bzip2/unbzip2 and gzip/ungzip with forward-only reading and file random access APIs. Affected versions of this package are vulnerable ...
EUVD-2019-0666
Malware in sbrugna...
EUVD-2021-2087
Malware in sbrugna...
CVE-2021-39208
SharpCompress is a fully managed C library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to...
CVE-2018-1002206
SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
K64709522: Multiple Zip Slip vulnerabilities
Security Advisory Description CVE-2018-1002200 plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
GHSA-JP7F-GRCV-6MJF Partial path traversal in sharpcompress
SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to prevent extraction outside the destination directory the destinationFileName path is verified to begin with fullDestinationDirectoryPath. However it is not...
CVE-2021-39208
SharpCompress is a fully managed C library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to...
CVE-2021-39208
SharpCompress is a fully managed C library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to...
Path traversal
SharpCompress is a fully managed C library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to...
CVE-2021-39208 WriteEntryToDirectory used for an archive extraction is vulnerable to partial path traversal.
SharpCompress is a fully managed C library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to...