Bug ID 1098354
Summary VUL-0: CVE-2018-1002209: quazip: arbitrary file write vulnerability achieved by using a specially crafted zip archive
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.0
Hardware Other
URL https://smash.suse.de/issue/208490/
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee crrodriguez@opensuse.org
Reporter abergmann@suse.com
QA Contact security-team@suse.de
Found By Security Response Team
Blocker --- 

rh#1593011

A vulnerability has been found in the way developers have implemented the
archive extraction of files. An arbitrary file write vulnerability, that can be
achieved using a specially crafted zip archive (affects other archives as well,
bzip2, tar,xz, war, cpio, 7z), that holds path traversal filenames. So when the
filename gets concatenated to the target extraction directory, the final path
ends up outside of the target folder. Of course if an executable or a
configuration file is overwritten with a file containing malicious code, the
problem can turn into an arbitrary code execution issue quite easily. This
affects multiple libraries that lacks of a high level APIs that provide the
archive extraction functionality.


References:
https://snyk.io/research/zip-slip-vulnerability

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1593011
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1002209

You are receiving this mail because: