Sharpziplib@* Security Vulnerabilities and Issues — Sharpziplib@* CVE List

Lucene search

Sharpziplib ProjectSharpziplib*

4 matches found

CVE•added 2022/01/26 9:15 p.m.•87 views

CVE-2021-32840

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3.

9.8CVSS8.6AI score0.01751EPSS

CVE•added 2018/07/25 5:29 p.m.•83 views

CVE-2018-1002208

SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

5.5CVSS5.4AI score0.01482EPSS

CVE•added 2022/01/26 10:15 p.m.•74 views

CVE-2021-32841

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that destDir ends with slash. If the destDir is not slash terminated like /home/us...

5.3CVSS4.8AI score0.00378EPSS

CVE•added 2022/01/26 9:15 p.m.•71 views

CVE-2021-32842

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that _baseDirectory ends with slash. If the _baseDirectory is not slash terminat...

5.3CVSS4.8AI score0.00298EPSS