Lucene search
Veracode Vulnerability DatabaseVERACODE:33216HistoryDec 09, 2021 - 6:25 a.m.
Directory Traversal
2021-12-0906:25:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
sharpziplib
directory traversal
tar extraction
vulnerability
software
EPSS
0.001
Percentile
35.7%
sharpziplib is vulnerable to directory traversal. The vulnerability exists due to the TAR extraction directory path not enforced to be slash terminated allowing an attacker to create a file with a name thats begins as the destination directory one level up from the directory.
References
github.com/icsharpcode/SharpZipLib/commit/5376c2daf1c0e0665398dee765af2047e43146ca#
github.com/icsharpcode/SharpZipLib/commit/a0e96de70b5264f4c919b09253b1522bc7a221cc
github.com/icsharpcode/SharpZipLib/pull/235
github.com/icsharpcode/SharpZipLib/releases/tag/v1.3.3
securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
Related
prion
prion
Arbitrary file deletion
2022-01-26 21:15:00
cvelist
cvelist
CVE-2021-32842 Path Traversal in SharpZipLib
2022-01-26 21:10:10
debiancve
debiancve
CVE-2021-32842
2022-01-26 21:15:13
github
github
Path Traversal in SharpZipLib
2022-02-01 16:23:00
ubuntucve
ubuntucve
CVE-2021-32842
2022-01-26 00:00:00
cve
cve
CVE-2021-32842
2022-01-26 21:15:13
osv
osv
Path Traversal in SharpZipLib
2022-02-01 16:23:00
CVE-2021-32842
2022-01-26 21:15:13
nvd
nvd
CVE-2021-32842
2022-01-26 21:15:13