CVE-2018-10860
Description
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
5.737
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| libarchive-zip-perl security update(DSA-4300-1) libarchive-zip-perl_1.59-1+deb9u1_all.deb | Linux |
| SUSE-SU-2018:2385-1(SUSE Linux Enterprise Desktop 12-SP3 ) perl-Archive-Zip-1.34-3.3.1.noarch.rpm | Linux |
| SUSE-SU-2018:2388-1(SUSE Linux Enterprise Server 11-SP4 ) perl-Archive-Zip-1.24-4.3.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234