CVE-2021-32840

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32840
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32840.json
Aliases
Published
2022-01-26T21:15:13Z
Modified
2023-11-29T08:54:46.898387Z
Details

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3.

References

Affected packages

Git / github.com/icsharpcode/SharpZipLib

Affected ranges

Type
GIT
Repo
https://github.com/icsharpcode/SharpZipLib
Events
Introduced
0The exact introduced commit is unknown
Fixed
a0e96de70b5264f4c919b09253b1522bc7a221cc
Type
GIT
Repo
https://github.com/icsharpcode/sharpziplib
Events
Introduced
0The exact introduced commit is unknown
Fixed
1b1ab013ce1df02d8f27cf582197759c614d9126

Affected versions

0.*

0.84.0.0
0.85.0.0
0.85.1.271
0.85.2.329
0.85.3.365
0.85.4.369
0.85.5.452
0.86.0.518

v1.*

v1.0.0
v1.0.0-rc1
v1.0.0-rc2
v1.1.0
v1.2.0
v1.3.0
v1.3.1
v1.3.2