Ubuntu.comUB:CVE-2021-32840CVE-2021-32840
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
81.0%
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to
version 1.3.3, a TAR file entry ../evil.txt may be extracted in the
parent directory of destFolder. This leads to arbitrary file write that
may lead to code execution. The vulnerability was patched in version 1.3.3.
References
github.com/icsharpcode/SharpZipLib/commit/a0e96de70b5264f4c919b09253b1522bc7a221cc
github.com/icsharpcode/SharpZipLib/releases/tag/v1.3.3
launchpad.net/bugs/cve/CVE-2021-32840
nvd.nist.gov/vuln/detail/CVE-2021-32840
security-tracker.debian.org/tracker/CVE-2021-32840
securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
www.cve.org/CVERecord?id=CVE-2021-32840
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
81.0%