CVE-2021-32840Path Traversal in Sharpziplib

CWE-22Path Traversal5 documents4 sources
Severity
9.8CRITICALNVD
EPSS
1.5%
top 18.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Icsharpcode SharpziplibSharpziplib Project SharpziplibDebian Mono
Timeline
PublishedJan 26
Latest updateFeb 1

Description

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

CVEListV5icsharpcode/sharpziplib1.3.31.3.3+1
debiandebian/mono

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
Path Traversal in SharpZipLib2022-02-01
OSV
Path Traversal in SharpZipLib2022-02-01
OSV
CVE-2021-32840: SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library2022-01-26

📋Vendor Advisories

1
Debian
CVE-2021-32840: mono - SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version...2021