Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2018-10860

Published: 29/06/2018 Updated: 23/09/2018
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 571
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Subscribe to Canonical

Vulnerability Summary

perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

canonical ubuntu linux 18.04

canonical ubuntu linux 17.10

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

debian debian linux 8.0

perl-archive-zip project perl-archive-zip -

Vendor Advisories

Debian CVElist Bug Report Logs: libarchive-zip-perl: CVE-2018-10860: Directory traversal in Archive::Zip
Debian Bug report logs - #902882 libarchive-zip-perl: CVE-2018-10860: Directory traversal in Archive::Zip Package: src:libarchive-zip-perl; Maintainer for src:libarchive-zip-perl is Debian Perl Group <pkg-perl-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 2 Jul ...
Ubuntu Security Notice: libarchive-zip-perl vulnerability
Archive Zip module could be made to expose sensitive information if it received a specially crafted input ...
Ubuntu Security Notice: libarchive-zip-perl vulnerability
Archive Zip module could be made to expose sensitive information if it received a specially crafted input ...
Debian Security Advisories: DSA-4300-1 libarchive-zip-perl -- security update
It was discovered that Archive::Zip, a perl module for manipulation of ZIP archives, is prone to a directory traversal vulnerability An attacker able to provide a specially crafted archive for processing can take advantage of this flaw to overwrite arbitrary files during archive extraction For the stable distribution (stretch), this problem has b ...
Red Hat: CVE-2018-10860
It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter ...

References

CWE-22https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10860http://www.securityfocus.com/bid/104580https://usn.ubuntu.com/3703-2/https://usn.ubuntu.com/3703-1/https://lists.debian.org/debian-lts-announce/2018/07/msg00032.htmlhttps://www.debian.org/security/2018/dsa-4300https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902882https://nvd.nist.govhttps://usn.ubuntu.com/3703-2/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook