CVE-2022-36943

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-36943
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36943.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-36943
Aliases
  • GHSA-vgvw-6xcf-qqfc
Published
2023-01-03T21:15:12Z
Modified
2024-09-03T04:27:13.070460Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item.

References

Affected packages

Git / github.com/ziparchive/ziparchive

Affected ranges

Type
GIT
Repo
https://github.com/ziparchive/ziparchive
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

0.*

0.1.0
0.1.1
0.1.2
0.2.0
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0
0.3.1
0.3.2
0.3.3
0.4.0

1.*

1.0.1
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.6.1
1.6.2
1.7.0
1.8.0
1.8.1

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.2.0
2.2.1
2.2.2
2.2.3
2.3.0
2.4.0
2.4.1
2.4.2
2.4.3
2.5.0
2.5.1
2.5.2
2.5.3

v0.*

v0.1.0
v0.1.1
v0.2.0
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.4.0

v1.*

v1.0.1
v1.1.0
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.8.0
v1.8.1

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.3.0
v2.4.0
v2.4.1
v2.4.2