CVE-2022-44900

CVSS v4.0

9.3

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions py7zr versions 0.20.0 and earlier

Description A directory traversal issue in the SevenZipFile.extractall() function allows attackers to write arbitrary files by extracting a crafted 7z file.

Recommendations For py7zr versions 0.20.0 and earlier, consider disabling the SevenZipFile.extractall() function until a patch is available to prevent arbitrary file writes.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2022-44900

DSA-5652-1

GHSA-M8XW-9X5X-6VH3

OPENSUSE-SU-2024:12586-1

OPENSUSE-SU-2025:15101-1

PYSEC-2022-42998

USN-7030-1

Affected Products

Linuxmint

Ubuntu

Py7Zr

CVE-2022-44900

Weakness Enumeration

Related Identifiers

Affected Products

References · 23