PT-2018-14208 · Zziplib+7 · Zziplib+7

92Wyunchao

Publicado

2018-09-25

Atualizado

2025-11-12

CVE-2018-17828

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions ZZIPlib version 0.13.69

Description The issue allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file. This is due to the unzzip cat function in the bins/unzzipcat-mem.c file.

Recommendations For ZZIPlib version 0.13.69, consider restricting the use of the unzzip cat function until a patch is available to prevent directory traversal attacks.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

ALSA-2020:1653

ALSA-2025:20478

ALSA-2025:20838

ALT-PU-2019-2518

ALT-PU-2019-3157

ALT-PU-2021-1386

ALT-PU-2025-9530

AZL-7014

AZL-7458

CESA-2020_1178

CESA-2020_1653

CVE-2018-17828

INFSA-2025_20838

MGASA-2019-0093

OPENSUSE-SU-2018_3314-1

OPENSUSE-SU-2018_3446-1

OPENSUSE-SU-2024:11546-1

RHSA-2020:1178

RHSA-2020:1653

RHSA-2020_1178

RHSA-2020_1653

RHSA-2025:20478

RHSA-2025:20838

RHSA-2025_20838

RLSA-2020:1653

SUSE-SU-2018:3220-1

SUSE-SU-2018:3379-1

SUSE-SU-2018_3220-1

SUSE-SU-2018_3379-1

Produtos afetados

Alt Linux

Almalinux

Centos

Debian

Red Hat

Rocky Linux

Suse

Zziplib

PT-2018-14208 · Zziplib+7 · Zziplib+7

CVE-2018-17828

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 58