Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal and File Manipulation. The vulnerability is in the program file lib/stdlib/src/zip.erl and affects the routines zip:unzip/1, zip:unzip/2, zip:extract/1 and zip:extract/2; calls that pass the memory option are not affected. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4 respectively. Code that unpacks archives from untrusted sources with these routines should be upgraded, or should first inspect the entry names (for example with zip:list_dir/1) and reject absolute paths before extracting to disk.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-asn1" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-asn1-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-base" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-base-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-common-test" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-common-test-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-crypto" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-crypto-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-debugger" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-dev" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-dialyzer" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-dialyzer-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-diameter" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-doc" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-edoc" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-eldap" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-erl-docgen" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-et" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-eunit" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-examples" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-ftp" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-inets" }, { "binary_version": 
"1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-jinterface" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-manpages" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-megaco" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-megaco-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-mnesia" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-mode" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-nox" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-observer" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-odbc" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-odbc-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-os-mon" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-os-mon-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-parsetools" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-public-key" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-reltool" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-runtime-tools" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-runtime-tools-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-snmp" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-src" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-ssh" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-ssl" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-syntax-tools" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-tftp" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-tools" }, { 
"binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-tools-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-wx" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-wx-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-x11" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-xmerl" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-asn1" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-asn1-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-base" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-base-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-common-test" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-common-test-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-crypto" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-crypto-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-debugger" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-dev" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-dialyzer" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-dialyzer-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-diameter" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-doc" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-edoc" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-eldap" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-erl-docgen" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-et" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-eunit" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-examples" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-ftp" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": 
"erlang-inets" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-jinterface" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-manpages" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-megaco" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-megaco-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-mnesia" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-mode" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-nox" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-observer" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-odbc" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-odbc-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-os-mon" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-os-mon-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-parsetools" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-public-key" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-reltool" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-runtime-tools" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-runtime-tools-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-snmp" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-src" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-ssh" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-ssl" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-syntax-tools" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-tftp" }, { 
"binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-tools" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-wx" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-wx-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-x11" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-xmerl" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-asn1" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-asn1-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-base" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-base-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-common-test" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-common-test-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-crypto" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-crypto-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-debugger" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-dev" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-dialyzer" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-dialyzer-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-diameter" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-doc" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-edoc" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-eldap" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-et" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-eunit" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-examples" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-ftp" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-inets" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-jinterface" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": 
"erlang-megaco" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-megaco-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-mnesia" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-mode" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-nox" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-observer" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-odbc" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-odbc-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-os-mon" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-os-mon-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-parsetools" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-public-key" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-reltool" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-runtime-tools" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-runtime-tools-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-snmp" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-src" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-ssh" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-ssl" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-syntax-tools" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-tftp" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-tools" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-wx" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-wx-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-x11" }, { "binary_version": 
"1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-xmerl" } ] }