CVE-2018-10860
published 2018-06-29CVE-2018-10860: perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while…
PriorityP260high7.5CVSS 3.0
AVNACLPRNUINSUCNIHAN
EPSS
48.72%
98.7th percentile
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libarchive-zip-perl | < libarchive-zip-perl 1.62-1 (bookworm) | libarchive-zip-perl 1.62-1 (bookworm) |
Detection & IOCsextracted from sources · hover to see the quote
- →Directory traversal via unsanitized paths in zip archive entries — look for zip files containing entries with '..' path components or absolute paths being extracted by Archive::Zip ↗
- →Archive::Zip does not protect against symlinks in zip entries — monitor for symlink-based path traversal attempts during zip extraction, similar to CVE-2007-4829 and CVE-2018-12015 ↗
- →Upstream fix is available at the referenced commit — patch presence/absence can be used to identify vulnerable installations ↗
- ·Vulnerability is in the perl-Archive-Zip module itself, not in a specific configuration — any Perl application using Archive::Zip to extract untrusted zip files is affected regardless of configuration ↗
- ·Red Hat Enterprise Linux 5, 6, and 7 are marked 'Will not fix'; RHEL 8 and rh-perl530 are not affected — detection scope should prioritize older RHEL/SCL environments ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:P
osv7.5HIGH
vendor_debian5.4MEDIUM
vendor_redhat5.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-46vh-339r-h4rg: perl-archive-zip is vulnerable to a directory traversal in Archive::Zip
ghsa_unreviewed·2022-05-14
CVE-2018-10860 [HIGH] CWE-22 GHSA-46vh-339r-h4rg: perl-archive-zip is vulnerable to a directory traversal in Archive::Zip
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
OSV
CVE-2018-10860: perl-archive-zip is vulnerable to a directory traversal in Archive::Zip
osv·2018-06-29·CVSS 7.5
CVE-2018-10860 [HIGH] CVE-2018-10860: perl-archive-zip is vulnerable to a directory traversal in Archive::Zip
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
Ubuntu
Archive Zip
vendor_ubuntu·2018-07-04
CVE-2018-10860 Archive Zip
Title: Archive Zip
Summary: Archive Zip module could be made to expose sensitive information
if it received a specially crafted input.
It was discovered that the Archive Zip module incorrectly handled certain inputs.
An attacker could possibly use this to access sensitive information.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Archive Zip vulnerability
vendor_ubuntu·2018-07-04
CVE-2018-10860 Archive Zip vulnerability
Title: Archive Zip vulnerability
Summary: Archive Zip module could be made to expose sensitive information
if it received a specially crafted input.
USN-3703-1 fixed a vulnerability in Archive Zip module. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that the Archive Zip module incorrectly handled certain inputs.
An attacker could possibly use this to access sensitive information.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
perl-Archive-Zip: Directory traversal in Archive::Zip
vendor_redhat·2018-06-28·CVSS 5.4
CVE-2018-10860 [MEDIUM] CWE-22 perl-Archive-Zip: Directory traversal in Archive::Zip
perl-Archive-Zip: Directory traversal in Archive::Zip
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
Package: perl-Archive-Zip (Red Hat Enterprise Linux 5) - Will not fix
Package: perl-Archive-Zip (Red Hat Enterprise Linux 6) -
Debian
CVE-2018-10860: libarchive-zip-perl - perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was ...
vendor_debian·2018·CVSS 5.4
CVE-2018-10860 [MEDIUM] CVE-2018-10860: libarchive-zip-perl - perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was ...
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
Scope: local
bookworm: resolved (fixed in 1.62-1)
bullseye: resolved (fixed in 1.62-1)
forky: resolved (fixed in 1.62-1)
sid: resolved (fixed in 1.62-1)
trixie: resolved (fixed in 1.62-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-10860 perl-Archive-Zip: Directory traversal in Archive::Zip [fedora-all]
bugzilla·2018-06-28·CVSS 5.4
CVE-2018-10860 [MEDIUM] CVE-2018-10860 perl-Archive-Zip: Directory traversal in Archive::Zip [fedora-all]
CVE-2018-10860 perl-Archive-Zip: Directory traversal in Archive::Zip [fedora-all]
Use the following template to for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug. This will ensure that all associated bugs get updated
when new packages are pushed to stable.
# bugfix, security, enhancement, newpackage (required)
type=security
# testing, stable
request=testing
# Bug numbers: 1234,9876
bugs=1591449,1596132
# Description of your update
notes=Security fix for [PUT CVEs HERE]
# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3
# Automatically close bugs when this marked as stable
close_bugs=True
# Suggest that users restart after u
Bugzilla
CVE-2018-10860 perl-Archive-Zip: Directory traversal in Archive::Zip
bugzilla·2018-06-14·CVSS 6.8
CVE-2018-10860 [MEDIUM] CVE-2018-10860 perl-Archive-Zip: Directory traversal in Archive::Zip
CVE-2018-10860 perl-Archive-Zip: Directory traversal in Archive::Zip
Archive::Zip does not protect against symlinks or '..' path traversals. Attacks similar to CVE-2007-4829 or CVE-2018-12015 also affect Archive::Zip.
Discussion:
Archive::Zip has never been part of upstream Perl release:
$ corelist Archive::Zip
Data for 2018-04-14
Archive::Zip was not in CORE (or so I think)
It's an independent project .
---
Note: summary edited for clarification.
---
Acknowledgments:
Name: Doran Moppert (Red Hat)
---
Created perl-Archive-Zip tracking bugs for this issue:
Affects: fedora-all [bug 1596132]
---
Upstream fix:
https://github.com/redhotpenguin/perl-Archive-Zip/commit/95e1df86327
---
perl-Archive-Zip-1.59-6.fc27 has been pushed to the Fedora 27 stable repository. If problems st
http://www.securityfocus.com/bid/104580https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10860https://lists.debian.org/debian-lts-announce/2018/07/msg00032.htmlhttps://usn.ubuntu.com/3703-1/https://usn.ubuntu.com/3703-2/https://www.debian.org/security/2018/dsa-4300http://www.securityfocus.com/bid/104580https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10860https://lists.debian.org/debian-lts-announce/2018/07/msg00032.htmlhttps://usn.ubuntu.com/3703-1/https://usn.ubuntu.com/3703-2/https://www.debian.org/security/2018/dsa-4300
2018-06-29
Published