CVE-2018-10860 — Path Traversal in Libarchive-zip-perl

CWE-22 — Path Traversal9 documents7 sources

Severity

7.5HIGHNVD

EPSS

5.7%

top 9.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libarchive-zip-perl Canonical Ubuntu Linux Debian Linux

Timeline

PublishedJun 29

Latest updateMay 14

Description

perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶debiandebian/libarchive-zip-perl< libarchive-zip-perl 1.62-1 (bookworm)

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10, 18.04

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-46vh-339r-h4rg: perl-archive-zip is vulnerable to a directory traversal in Archive::Zip↗2022-05-14

▶

OSV

CVE-2018-10860: perl-archive-zip is vulnerable to a directory traversal in Archive::Zip↗2018-06-29

▶

📋Vendor Advisories

Ubuntu

Archive Zip↗2018-07-04

▶

Ubuntu

Archive Zip vulnerability↗2018-07-04

▶

Red Hat

perl-Archive-Zip: Directory traversal in Archive::Zip↗2018-06-28

▶

Debian

CVE-2018-10860: libarchive-zip-perl - perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was ...↗2018

▶

💬Community

Bugzilla

CVE-2018-10860 perl-Archive-Zip: Directory traversal in Archive::Zip [fedora-all]↗2018-06-28

▶

Bugzilla

CVE-2018-10860 perl-Archive-Zip: Directory traversal in Archive::Zip↗2018-06-14

▶