Icsharpcode Sharpziplib vulnerabilities
3 known vulnerabilities affecting icsharpcode/sharpziplib.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, MEDIUM: 2
Vulnerabilities
CVE-2021-32840 | CRITICAL | CVSS 9.8 | CWE-22 | ≥ 1.3.3, < 1.3.3 | ≥ 0.86.0, < 0.86.0* | 2022-01-26
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3.
nvd
CVE-2021-32841 | MEDIUM | CVSS 5.3 | CWE-22 | ≥ 1.3.3, < 1.3.3 | ≥ 1.3.0, < 1.3.0* | 2022-01-26
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash terminated like `/home/user/dir` it is possible to create a file with a na
nvd
CVE-2021-32842 | MEDIUM | CVSS 5.3 | CWE-22 | ≥ 1.3.3, < 1.3.3 | ≥ 1.0.0, < 1.0.0* | 2022-01-26
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the `_baseDirectory` is not slash terminated like `/home/user/dir` it is possible to create a
nvd