Unrated severityNVD Advisory· Published Jul 25, 2018· Updated Sep 16, 2024

CVE-2018-1002209

Description

QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

QuaZIP/QuaZIPllm-create2 versions
<0.7.6+ 1 more
- (no CPE)range: <0.7.6
- (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

github.com/stachenov/quazip/blob/0.7.6/NEWS.txtmitrex_refsource_CONFIRM
github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98mitrex_refsource_CONFIRM
snyk.io/research/zip-slip-vulnerabilitymitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000