Lucene search

Ubuntu.comUB:CVE-2022-44900

HistoryDec 06, 2022 - 12:00 a.m.

CVE-2022-44900

2022-12-0600:00:00

ubuntu.com

sevenzipfile.extractall function

python library

cve-2022-44900

directory traversal

arbitrary files

7z file

unix

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.01

Percentile

84.0%

JSON

A directory traversal vulnerability in the SevenZipFile.extractall()
function of the python library py7zr v0.20.0 and earlier allows attackers
to write arbitrary files via extracting a crafted 7z file.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchpy7zr< anyUNKNOWN
ubuntu24.04noarchpy7zr< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	py7zr	< any	UNKNOWN
ubuntu	24.04	noarch	py7zr	< any	UNKNOWN

References

github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406

launchpad.net/bugs/cve/CVE-2022-44900

nvd.nist.gov/vuln/detail/CVE-2022-44900

security-tracker.debian.org/tracker/CVE-2022-44900

www.cve.org/CVERecord?id=CVE-2022-44900

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.01

Percentile

84.0%

JSON

Related for UB:CVE-2022-44900