PT-2023-18762 · Zip4J+2 · Zip4J+2
Kenny Paterson
+2
·
Published
2023-01-10
·
Updated
2025-04-09
·
CVE-2023-22899
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Zip4j versions prior to 2.11.3
Description
The issue is related to the decryption of ZIP archives, where the MAC is not always checked. This affects products that use Zip4j, including Threema.
Recommendations
For versions prior to 2.11.3, update to version 2.11.3 or later to resolve the issue. As a temporary workaround, consider disabling the decryption of ZIP archives until a patch is available. Restrict access to ZIP archives to minimize the risk of exploitation. Avoid using the affected Zip4j library in sensitive operations until the issue is resolved.
Exploit
Fix
Origin Validation Error
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Threema
Zip4J