CVE-2022-44900

Published: 06/12/2022 Updated: 09/12/2022
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A directory traversal vulnerability in the SevenZipFile.extractall() function of the Python library py7zr v0.20.0 and previous versions allows malicious users to write arbitrary files by extracting a crafted 7z file.

Vulnerable Product

py7zr project py7zr

Vendor Advisories

Debian Bug report logs - #1032091 py7zr: CVE-2022-44900. Package: src:py7zr; Maintainer for src:py7zr is Sandro Tosi <morph@debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Mon, 27 Feb 2023 19:48:11 UTC; Severity: grave; Tags: security, upstream

Exploits

A directory traversal vulnerability in the SevenZipFile.extractall() function of the Python library py7zr versions 0.20.0 and earlier allows attackers to read arbitrary files on the local machine via a malicious 7z file extraction ...

Github Repositories

7zip in python3 with ZStandard, PPMd, LZMA2, LZMA1, Delta, BCJ, BZip2, and Deflate compressions, and AES encryption.

py7zr -- a 7z library on python. py7zr is a library and utility to support 7zip archive compression, decompression, encryption and decryption written by Python programming language. Discussion Forum: You are welcome to join discussions on project forum/builtin-board at github.com/miurahr/py7zr/discussions. You can see announcements of new releases, questions

Demo webapp vulnerable to CVE-2022-44900

CVE-2022-44900 Demo lab: Demo webapp vulnerable to CVE-2022-44900. CVE-2022-44900 is a directory traversal vulnerability in the SevenZipFile.extractall() function of the Python library py7zr version 0.20.0 and earlier that allows attackers to read and write arbitrary files on the local machine via malicious 7z file extraction. To exploit CVE-2022-44900 vulnerability an attacker needs