CVE-2022-36943
PUBLISHED
CVSS 8.7 HIGH
SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item.
EPSS 0.50% · 66.2th percentile
Risk Scores
CVSS v4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.50%
66.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ZipArchive | SSZipArchive | unspecified |
| ziparchive_project | ziparchive | 0 |
Timeline
- Jan 3, 2023 CVE Published
- Jan 4, 2023 EPSS Score
- Jan 4, 2023 PoC Published
- Feb 14, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 27, 2023 EPSS Score
- May 7, 2023 EPSS Score
- Jun 17, 2023 EPSS Score
- Jul 28, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Oct 18, 2023 EPSS Score
- Nov 28, 2023 EPSS Score
References
- https://www.ibm.com/support/pages/node/7173631 advisory
- https://www.ibm.com/support/pages/node/7174016 advisory
- https://www.ibm.com/support/pages/node/7174015 advisory
- https://www.ibm.com/support/pages/node/7173632 advisory
- https://www.ibm.com/support/pages/node/7172691 advisory
- https://www.ibm.com/support/pages/node/7172692 advisory
- https://www.ibm.com/support/pages/node/7173592 advisory
- https://www.ibm.com/support/pages/node/7173866 advisory
- https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-vgvw-6xcf-qqfc url