admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2022-21675 for GHSA-3wq9-j4fc-4wmc

Browse Source 
Add CVE-2022-21675 for GHSA-3wq9-j4fc-4wmc
This commit is contained in:
advisory-db[bot] 2022-01-12 18:16:06 +00:00 committed by GitHub
parent b4b73d0e62
commit f3eb4a3f26
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 86 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
2022/21xxx/CVE-2022-21675.json
View File

@ -1,18 +1,98 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21675",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Bytecode Viewer v2.10.x Zip Slip"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bytecode-viewer",
"version": {
"version_data": [
{
"version_value": "< 2.11.0"
}
]
}
}
]
},
"vendor_name": "Konloch"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (AKA \"Zip Slip\"). The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The Zip Slip vulnerability can affect numerous archive formats, including zip, jar, tar, war, cpio, apk, rar and 7z. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victims machine. The impact of a Zip Slip vulnerability would allow an attacker to create or overwrite existing files on the filesystem. In the context of a web application, a web shell could be placed within the application directory to achieve code execution. All users should upgrade to BCV v2.11.0 when possible to receive a patch. There are no recommended workarounds aside from upgrading."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Konloch/bytecode-viewer/security/advisories/GHSA-3wq9-j4fc-4wmc",
"refsource": "CONFIRM",
"url": "https://github.com/Konloch/bytecode-viewer/security/advisories/GHSA-3wq9-j4fc-4wmc"
},
{
"name": "https://github.com/Konloch/bytecode-viewer/commit/1ec02658fe6858162f5e6a24f97928de6696c5cb",
"refsource": "MISC",
"url": "https://github.com/Konloch/bytecode-viewer/commit/1ec02658fe6858162f5e6a24f97928de6696c5cb"
},
{
"name": "https://github.com/Konloch/bytecode-viewer/commit/c968e94b2c93da434a4ecfac6d08eda162d615d0",
"refsource": "MISC",
"url": "https://github.com/Konloch/bytecode-viewer/commit/c968e94b2c93da434a4ecfac6d08eda162d615d0"
},
{
"name": "https://github.com/Konloch/bytecode-viewer/releases/tag/v2.11.0",
"refsource": "MISC",
"url": "https://github.com/Konloch/bytecode-viewer/releases/tag/v2.11.0"
}
]
},
"source": {
"advisory": "GHSA-3wq9-j4fc-4wmc",
"discovery": "UNKNOWN"
}
}