CVE-2021-32840

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
26/01/2022
Last modified:
07/02/2022

Description

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:sharpziplib_project:sharpziplib:*:*:*:*:*:*:*:* 1.3.3 (excluding)