CVEDB API

Vulnerability Details CVE-2023-39136

An unhandled edge case in the component _sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.7%

CVSS Severity

CVSS v3 Score 5.5

References

https://blog.ostorlab.co/zip-packages-exploitation.html
https://github.com/ZipArchive/ZipArchive/issues/680
https://ostorlab.co/vulndb/advisory/OVE-2023-2
https://security.snyk.io/research/zip-slip-vulnerability
https://blog.ostorlab.co/zip-packages-exploitation.html
https://github.com/ZipArchive/ZipArchive/issues/680
https://ostorlab.co/vulndb/advisory/OVE-2023-2
https://security.snyk.io/research/zip-slip-vulnerability

Products affected by CVE-2023-39136

Ziparchive Project » Ziparchive » Version: 2.5.4

cpe:2.3:a:ziparchive_project:ziparchive:2.5.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-39136

Products

Pricing

Contact Us