PT-2023-32802 · Peazip · Peazip
Tfhm
·
Published
2023-12-17
·
Updated
2024-05-17
·
CVE-2023-6891
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PeaZip versions 9.4.0
Description
A vulnerability has been found in the library dragdropfilesdll.dll of the component Library Handler, leading to uncontrolled search path. The manipulation can be exploited locally. Upgrading to version 9.6.0 is able to address this issue.
Recommendations
For PeaZip version 9.4.0, upgrade to version 9.6.0 to address the issue. As a temporary workaround, consider restricting access to the
dragdropfilesdll.dll library until the update is applied.Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Peazip