CVE-2018-17828

Published: 01/10/2018 Updated: 28/11/2018
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

Directory traversal vulnerability in ZZIPlib 0.13.69 allows malicious users to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.

Vulnerable Product

zziplib project zziplib 0.13.69

Vendor Advisories

Synopsis: Moderate: zziplib security update. Type/Severity: Security Advisory: Moderate. Topic: An update for zziplib is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis: Moderate: zziplib security update. Type/Severity: Security Advisory: Moderate. Topic: An update for zziplib is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
It was discovered that zziplib is vulnerable to a directory traversal flaw in most of its unzip binaries, including unzip-mem, unzzipcat-mem, unzzipcat-big, unzzipcat-mix, and unzzipcat-zip. An attacker may use this flaw to write files outside the intended target directory, overwriting existing files, or creating new ones (CVE-2018-17828) ...
It was discovered that zziplib is vulnerable to a directory traversal flaw in most of its unzip binaries, including unzip-mem, unzzipcat-mem, unzzipcat-big, unzzipcat-mix, and unzzipcat-zip. An attacker may use this flaw to write files outside the intended target directory, overwriting existing files, or creating new ones ...