2 matches found
CVE-2022-36943
CVE-2022-36943 : SSZipArchive (versions 2.5.3 and older) has an arbitrary file write vulnerability due to lack of sanitization for symlink paths. Opening a malicious ZIP that contains a symlink as the first item can cause SSZipArchive to overwrite arbitrary files on the filesystem. The available ...
CVE-2023-39136
CVE-2023-39136 affects ZipArchive v2.5.4, via an unhandled edge case in the _sanitizedPath component that can cause a Denial of Service when processing a crafted zip file. Public documents consistently describe the vulnerable component and version, with remediation guidance to upgrade ZipArchive ...