PT-2018-14208 · Zziplib+7

92Wyunchao

Published: 2018-09-25 · Updated: 2025-11-12 · CVE-2018-17828

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ZZIPlib version 0.13.69

Description

The issue allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file. This is due to the unzzip_cat function in the bins/unzzipcat-mem.c file.

Recommendations

For ZZIPlib version 0.13.69, consider restricting the use of the unzzip_cat function until a patch is available to prevent directory traversal attacks.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

ALSA-2020:1653
ALSA-2025:20478
ALSA-2025:20838
ALT-PU-2019-2518
ALT-PU-2019-3157
ALT-PU-2021-1386
ALT-PU-2025-9530
AZL-7014
AZL-7458
CESA-2020_1178
CESA-2020_1653
CVE-2018-17828
INFSA-2025_20838
MGASA-2019-0093
OPENSUSE-SU-2018_3314-1
OPENSUSE-SU-2018_3446-1
OPENSUSE-SU-2024:11546-1
RHSA-2020:1178
RHSA-2020:1653
RHSA-2020_1178
RHSA-2020_1653
RHSA-2025:20478
RHSA-2025:20838
RHSA-2025_20838
RLSA-2020:1653
SUSE-SU-2018:3220-1
SUSE-SU-2018:3379-1
SUSE-SU-2018_3220-1
SUSE-SU-2018_3379-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Red Hat
Rocky Linux
Suse
Zziplib