CVE-2019-10743 Information

Description

All versions of archiver allow attacker to perform a Zip Slip attack via the \unarchive\ functions. It is exploited using a specially crafted zip archive that holds path traversal filenames. When exploited a filename in a malicious archive is concatenated to the target extraction directory which results in the final path ending up outside of the target folder. For instance a zip may hold a file with a ../../file.exe\ location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code the problem can turn into an arbitrary code execution issue quite easily.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Reference

https://github.com/mholt/archiver/pull/169 https://snyk.io/research/zip-slip-vulnerability https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728 https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

5.5