Unrated severityNVD Advisory· Published Jan 3, 2023· Updated Apr 10, 2025

CVE-2022-36943

Description

SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

SSZipArchive/SSZipArchivellm-create
Range: <=2.5.3
ZipArchive/SSZipArchivev5
Range: unspecified

Patches

Vulnerability mechanics

References

github.com/metaredteam/external-disclosures/security/advisories/GHSA-vgvw-6xcf-qqfcmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000