CVE-2023-43616
PUBLISHED
An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction.
Risk Scores
EPSS Score: 0.07% (20.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | schollz/croc | 0 |
| schollz | croc | 0 |
| n/a | n/a | n/a |
Timeline
- Sep 20, 2023 CVE Published
- Sep 21, 2023 CVE Updated
- Sep 22, 2023 EPSS Score
- Oct 24, 2023 EPSS Score
- Nov 25, 2023 EPSS Score
- Dec 27, 2023 EPSS Score
- Jan 28, 2024 EPSS Score
- Feb 29, 2024 EPSS Score
- Apr 1, 2024 EPSS Score
- May 3, 2024 EPSS Score
- Jun 4, 2024 EPSS Score
- Jul 6, 2024 EPSS Score
References
- https://www.openwall.com/lists/oss-security/2023/09/08/2 (url)
- https://github.com/schollz/croc/issues/594 (url)
- [oss-security] 20230921 Re: croc: multiple issues in file sharing utility (mailing-list)
- https://nvd.nist.gov/vuln/detail/CVE-2023-43616 (advisory)
- https://github.com/schollz/croc/pull/698 (url)
- https://github.com/schollz/croc/commit/4929635eb875d2304e9415b8f4aa62af9e1a2339 (url)
- https://github.com/schollz/croc (package)