Bug 2157840 (CVE-2018-25046) - CVE-2018-25046 cloudfoundry/archiver: improper path sanitization can result in files being extracted outside of the target directory
Keywords:
Status: NEW
Alias: CVE-2018-25046
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2156778
Reported: 2023-01-03 08:00 UTC by Avinash Hanwate
Modified: 2023-07-07 08:30 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the cloudfoundry/archiver package. In affected versions of this package, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory due to improper path sanitization.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Avinash Hanwate 2023-01-03 08:00:11 UTC
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

https://github.com/cloudfoundry/archiver/commit/09b5706aa9367972c09144a450bb4523049ee840
https://pkg.go.dev/vuln/GO-2020-0025
https://snyk.io/research/zip-slip-vulnerability
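
The flaw class described in this bug, as an added Go example (not code from cloudfoundry/archiver or its fix commit): a naive join of the destination directory and an archive entry name, beside a check that rejects names resolving outside the destination. The function names, destination path and entry names are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapes is returned when an entry name resolves outside the target directory.
var ErrEscapes = errors.New("archive entry escapes target directory")

// naiveTarget shows the flawed pattern: the entry name is joined to the
// destination and used as-is. filepath.Join collapses "..", so the result
// can land above dest.
func naiveTarget(dest, name string) string {
	return filepath.Join(dest, name)
}

// safeTarget resolves name under dest and rejects any result that is not
// dest itself or a descendant of it.
func safeTarget(dest, name string) (string, error) {
	if filepath.IsAbs(name) {
		return "", ErrEscapes
	}
	root := filepath.Clean(dest)
	target := filepath.Join(root, name)
	rel, err := filepath.Rel(root, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapes
	}
	return target, nil
}

func main() {
	dest := "/srv/app/unpacked" // constructed sample destination
	// Constructed entry names, as they might appear in archive headers.
	names := []string{"conf/app.yml", "../outside.txt", "a/../../b", "/abs.txt", "..data/ok"}
	for _, name := range names {
		target, err := safeTarget(dest, name)
		fmt.Printf("%-18q naive=%-32s safe=%q err=%v\n", name, naiveTarget(dest, name), target, err)
	}
}
```

The check is lexical only: it does not cover symlink entries inside an archive, which need separate handling. Comparing the relative path component-wise, rather than searching the name for "..", keeps legitimate names such as `..data/ok` extractable.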

