Vulnerability Details CVE-2018-1002208
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.1%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://github.com/icsharpcode/SharpZipLib/issues/232
- https://github.com/icsharpcode/SharpZipLib/wiki/Release-1.0
- https://github.com/snyk/zip-slip-vulnerability
- https://snyk.io/research/zip-slip-vulnerability
- https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247
- https://github.com/icsharpcode/SharpZipLib/issues/232
- https://github.com/icsharpcode/SharpZipLib/wiki/Release-1.0
- https://github.com/snyk/zip-slip-vulnerability
- https://snyk.io/research/zip-slip-vulnerability
- https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247
Products affected by CVE-2018-1002208
-
cpe:2.3:a:sharpziplib_project:sharpziplib:-
-
cpe:2.3:a:sharpziplib_project:sharpziplib:0.84.0.0
-
cpe:2.3:a:sharpziplib_project:sharpziplib:0.85.0.0
-
cpe:2.3:a:sharpziplib_project:sharpziplib:0.85.1.271
-
cpe:2.3:a:sharpziplib_project:sharpziplib:0.85.2.329
-
cpe:2.3:a:sharpziplib_project:sharpziplib:0.85.3.365
-
cpe:2.3:a:sharpziplib_project:sharpziplib:0.85.4.369
-
cpe:2.3:a:sharpziplib_project:sharpziplib:0.85.5.452
-
cpe:2.3:a:sharpziplib_project:sharpziplib:0.86.0.518