High severity · NVD Advisory · Published Jan 26, 2022 · Updated Apr 22, 2025
Path Traversal in SharpZipLib
CVE-2021-32840
Description
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3.
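A containment check that rejects entry names such as ../evil.txt before anything is written, given as an added example: it is not SharpZipLib's code or its 1.3.3 patch. `TarEntryPathCheck`, `ResolveInside` and the sample entry names are hypothetical, and only `System.IO` is used.

```csharp
using System;
using System.IO;

static class TarEntryPathCheck
{
    // Returns the absolute path an entry would be written to,
    // or throws if that path falls outside destFolder.
    public static string ResolveInside(string destFolder, string entryName)
    {
        // Canonical root with exactly one trailing separator, so that
        // ".../destFolder" cannot prefix-match ".../destFolder-other".
        string root = Path.GetFullPath(destFolder)
            .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
            + Path.DirectorySeparatorChar;

        // GetFullPath collapses "." and ".." segments lexically. A rooted
        // entry name makes Path.Combine discard root, so it fails the check too.
        string target = Path.GetFullPath(Path.Combine(root, entryName));

        // Ordinal comparison is stricter than the file system on
        // case-insensitive volumes, which errs on the side of rejecting.
        if (!target.StartsWith(root, StringComparison.Ordinal))
            throw new InvalidDataException(
                $"TAR entry '{entryName}' resolves outside '{destFolder}'");
        return target;
    }

    static void Main()
    {
        // Constructed sample input: two benign names, two traversal attempts.
        string dest = Path.Combine(Path.GetTempPath(), "destFolder");
        string[] names = { "docs/readme.txt", "a/../b.txt", "../evil.txt", "a/../../evil.txt" };
        foreach (string name in names)
        {
            try { Console.WriteLine($"ok      {name} -> {ResolveInside(dest, name)}"); }
            catch (InvalidDataException e) { Console.WriteLine($"blocked {e.Message}"); }
        }
    }
}
```

The check is lexical: it does not resolve symbolic links that already exist under the destination folder.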
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| SharpZipLib (NuGet) | < 1.3.3 | 1.3.3 |
Affected products
- Range: 1.3.3
References
- github.com/advisories/GHSA-m22m-h4rf-pwq3 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-32840 (ghsa, ADVISORY)
- securitylab.github.com/advisories/GHSL-2021-125-sharpziplib (ghsa, ADVISORY)
- github.com/icsharpcode/SharpZipLib/commit/a0e96de70b5264f4c919b09253b1522bc7a221cc (ghsa, x_refsource_MISC, WEB)
- github.com/icsharpcode/SharpZipLib/releases/tag/v1.3.3 (ghsa, x_refsource_MISC, WEB)
- securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/ (mitre, x_refsource_CONFIRM)