CVE-2021-32840

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32840

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32840.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-32840

Aliases

GHSA-m22m-h4rf-pwq3

Related

UBUNTU-CVE-2021-32840

Published

2022-01-26T21:15:13Z

Modified

2024-08-01T07:56:09.681037Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3.

References

Affected packages

Git / github.com/icsharpcode/sharpziplib

Affected ranges

Type: GIT
Repo: https://github.com/icsharpcode/sharpziplib
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a0e96de70b5264f4c919b09253b1522bc7a221cc

Affected versions

0.*

0.84.0.0

0.85.0.0

0.85.1.271

0.85.2.329

0.85.3.365

0.85.4.369

0.85.5.452

0.86.0.518

v1.*

v1.0.0

v1.0.0-rc1

v1.0.0-rc2

v1.1.0

v1.2.0

v1.3.0

v1.3.1

v1.3.2