CVE-2021-32841Path Traversal in Sharpziplib

CWE-22Path Traversal5 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 40.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Icsharpcode SharpziplibSharpziplib Project SharpziplibDebian Mono
Timeline
PublishedJan 26
Latest updateFeb 1

Description

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash terminated like `/home/user/dir` it is possible to create a file with a name thats begins with the destination directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbit

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

CVEListV5icsharpcode/sharpziplib1.3.31.3.3+1
NVDsharpziplib_project/sharpziplib1.3.01.3.3
NuGetsharpziplib_project/sharpziplib1.3.01.3.3
debiandebian/mono

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
Path Traversal in SharpZipLib2022-02-01
OSV
Path Traversal in SharpZipLib2022-02-01
OSV
CVE-2021-32841: SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library2022-01-26

📋Vendor Advisories

1
Debian
CVE-2021-32841: mono - SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version...2021