CVE-2018-10860
published 2018-06-29


Priority: P2 · 60 · high
CVSS 3.0: 7.5 (AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:N)
EPSS: 48.72% (98.7th percentile)
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.

Affected (7 ranges)

Vendor      Product               Version range                              Fixed in
canonical   ubuntu_linux
canonical   ubuntu_linux
canonical   ubuntu_linux
canonical   ubuntu_linux
canonical   ubuntu_linux
debian      debian_linux
debian      libarchive-zip-perl   < libarchive-zip-perl 1.62-1 (bookworm)    libarchive-zip-perl 1.62-1 (bookworm)

Detection & IOCs (extracted from sources)

  • Directory traversal via unsanitized paths in zip archive entries — look for zip files containing entries with '..' path components or absolute paths being extracted by Archive::Zip
  • Archive::Zip does not protect against symlinks in zip entries — monitor for symlink-based path traversal attempts during zip extraction, similar to CVE-2007-4829 and CVE-2018-12015
  • Upstream fix is available at the referenced commit — patch presence/absence can be used to identify vulnerable installations
  • Vulnerability is in the perl-Archive-Zip module itself, not in a specific configuration — any Perl application using Archive::Zip to extract untrusted zip files is affected regardless of configuration
  • Red Hat Enterprise Linux 5, 6, and 7 are marked 'Will not fix'; RHEL 8 and rh-perl530 are not affected — detection scope should prioritize older RHEL/SCL environments
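The first two detection bullets above describe conditions that can be checked on an archive before anything is extracted: entries with '..' path components, entries with absolute paths, and entries that are symbolic links. The following is an added illustration of such a pre-extraction audit; it is not code from cvebase or from the Archive::Zip project, and it is written in Python with the standard zipfile module only so that it runs stand-alone. The sample archive it inspects is constructed inline and contains one benign member plus one member for each of the three conditions.

```python
import io
import stat
import zipfile


def classify_name(name: str, external_attr: int = 0) -> list[str]:
    """Return the reasons a zip member would be unsafe for a naive extractor,
    i.e. one that joins the stored name onto the destination directory
    without checks. An empty list means no problem was detected.
    `external_attr` is the central-directory field whose high 16 bits carry
    the Unix mode on archives written by Unix tools."""
    reasons = []
    # Treat backslashes as separators too, so "a\..\b" is not missed.
    path = name.replace("\\", "/")
    # Absolute paths: POSIX root, or a drive letter such as "C:" (heuristic:
    # any second character ':' is flagged).
    if path.startswith("/") or (len(path) > 1 and path[1] == ":"):
        reasons.append("absolute path")
    # Any '..' component can escape the destination directory.
    if any(part == ".." for part in path.split("/")):
        reasons.append("parent-directory ('..') component")
    # Symlink entries: the link target is the member body and the type bits
    # live in the mode stored in external_attr.
    if stat.S_ISLNK(external_attr >> 16):
        reasons.append("symbolic link entry")
    return reasons


def audit_zip(data: bytes) -> list[tuple[str, str]]:
    """Audit an in-memory archive; return (member name, reason) findings in
    archive order without extracting anything."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            for reason in classify_name(info.filename, info.external_attr):
                findings.append((info.filename, reason))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample archive (not a real-world artifact): one benign
    member and three hostile ones. zipfile.writestr stores names verbatim,
    so the '..' and leading '/' survive into the archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content\n")
        zf.writestr("../outside.txt", "would land outside the target dir\n")
        zf.writestr("/tmp/absolute.txt", "absolute path\n")
        link = zipfile.ZipInfo("link-to-etc")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16  # lrwxrwxrwx
        zf.writestr(link, "/etc")  # symlink target is the member body
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in audit_zip(build_sample_archive()):
        print(f"REJECT {member!r}: {reason}")
```

The audit refuses on the archive's own metadata rather than on the result of a trial extraction, which is the property a wrapper around an unpatched Archive::Zip would need: an archive with any finding should be rejected whole before the extraction routine sees it.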

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.0     7.5    HIGH      CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd            v2.0     6.4    MEDIUM    AV:N/AC:L/Au:N/C:N/I:P/A:P
osv                     7.5    HIGH
vendor_debian           5.4    MEDIUM
vendor_redhat           5.4    MEDIUM