Bug ID 1215172
Summary VUL-0: croc: multiple security issues in croc
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee jsmithfpv@gmail.com
Reporter matthias.gerstner@suse.com
QA Contact qa-bugs@suse.de
CC security-team@suse.de
Target Milestone ---
Found By ---
Blocker ---

I have reviewed the Croc codebase during the past month and have found a
series of security issues, mostly in the area of a receiver of files which can
be harmed by a malicious sender.

There are now public GitHub issues about the most pressing issues:

- possible creation of files in dangerous path location:
https://github.com/schollz/croc/issues/593
- Interactive File Overwrite Prompt can be Circumvented by Sending ZIP file:
https://github.com/schollz/croc/issues/594
- Escape Sequences in Filenames are not Filtered:
https://github.com/schollz/croc/issues/595
- Use of Parts of the Shared Secret as Room Name:
https://github.com/schollz/croc/issues/596
- Unencrypted "ips?" Message Leaks Information from the Sender Side:
https://github.com/schollz/croc/issues/597
- Shared Secret Passed on Command Line Possibly Leaks to other Local Users:
https://github.com/schollz/croc/issues/598

None of this is currently fixed, and it sounds like it also won't be fixed
for a longer time, because the upstream author is lacking time to take care of
this.

As maintainers of croc you may be able to help out upstream to fix these
issues or you may consider dropping this package from openSUSE until it
becomes better.
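As an added illustration, not croc's own code, of the receiver-side check that the path-location and escape-sequence issues above call for: a hypothetical Go helper, SafeReceivePath, that confines a sender-supplied file name to the destination directory and rejects control characters before the name is printed or used.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
	"unicode"
)

// ErrUnsafeName marks a sender-supplied name the receiver must refuse.
var ErrUnsafeName = errors.New("unsafe filename from sender")

// SafeReceivePath (hypothetical helper, not croc code) maps a name received
// from the sender to a path guaranteed to stay inside destDir. It rejects
// control characters (ESC starts terminal escape sequences), absolute paths
// and any form of parent-directory traversal.
func SafeReceivePath(destDir, name string) (string, error) {
	if name == "" {
		return "", ErrUnsafeName
	}
	for _, r := range name {
		if unicode.IsControl(r) {
			return "", fmt.Errorf("%w: control character U+%04X", ErrUnsafeName, r)
		}
	}
	// Treat backslashes as separators so a name crafted on another OS cannot escape.
	name = strings.ReplaceAll(name, "\\", "/")
	if strings.HasPrefix(name, "/") || filepath.VolumeName(name) != "" {
		return "", fmt.Errorf("%w: absolute path", ErrUnsafeName)
	}
	absDest, err := filepath.Abs(destDir)
	if err != nil {
		return "", err
	}
	target := filepath.Join(absDest, filepath.FromSlash(name)) // Join also cleans ".." segments
	// Containment check: the joined path must still be a strict descendant of destDir.
	rel, err := filepath.Rel(absDest, target)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: escapes destination directory", ErrUnsafeName)
	}
	return target, nil
}

func main() {
	for _, n := range []string{"docs/report.txt", "../../etc/passwd", "a\x1b[2Jb"} { // constructed sample names
		p, err := SafeReceivePath("/tmp/recv", n)
		fmt.Printf("%q -> %q %v\n", n, p, err)
	}
}
```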


You are receiving this mail because: