cvelistv5 - CVE-2018-1002205

CVE-2018-1002205 (GCVE-0-2018-1002205)

Vulnerability from cvelistv5 – Published: 2018-07-25 17:00 – Updated: 2025-05-06 14:48

Summary

DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE

CWE-22

Assigner

snyk

References

URL

Tags

	https://snyk.io/research/zip-slip-vulnerability	x_refsource_MISC
	https://github.com/haf/DotNetZip.Semverd/commit/5…	x_refsource_CONFIRM
	https://github.com/snyk/zip-slip-vulnerability	x_refsource_MISC
	https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245	x_refsource_MISC
	https://github.com/haf/DotNetZip.Semverd/pull/121	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	DotNetZip	DotNetZip.Semvered	Affected: unspecified , < 1.11.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:47:57.466Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/research/zip-slip-vulnerability"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/snyk/zip-slip-vulnerability"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/haf/DotNetZip.Semverd/pull/121"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2018-1002205",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:22:22.917351Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-06T14:48:52.591Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DotNetZip.Semvered",
          "vendor": "DotNetZip",
          "versions": [
            {
              "lessThan": "1.11.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2018-05-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as \u0027Zip-Slip\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-25T17:00:00.000Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/research/zip-slip-vulnerability"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/snyk/zip-slip-vulnerability"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/haf/DotNetZip.Semverd/pull/121"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "report@snyk.io",
          "DATE_ASSIGNED": "2018-05-17T10:52Z",
          "ID": "CVE-2018-1002205",
          "REQUESTER": "danny@snyk.io",
          "STATE": "PUBLIC",
          "UPDATED": "2018-05-17T10:52Z"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DotNetZip.Semvered",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "1.11.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "DotNetZip"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as \u0027Zip-Slip\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://snyk.io/research/zip-slip-vulnerability",
              "refsource": "MISC",
              "url": "https://snyk.io/research/zip-slip-vulnerability"
            },
            {
              "name": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366",
              "refsource": "CONFIRM",
              "url": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366"
            },
            {
              "name": "https://github.com/snyk/zip-slip-vulnerability",
              "refsource": "MISC",
              "url": "https://github.com/snyk/zip-slip-vulnerability"
            },
            {
              "name": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245"
            },
            {
              "name": "https://github.com/haf/DotNetZip.Semverd/pull/121",
              "refsource": "CONFIRM",
              "url": "https://github.com/haf/DotNetZip.Semverd/pull/121"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2018-1002205",
    "datePublished": "2018-07-25T17:00:00.000Z",
    "dateReserved": "2018-07-25T00:00:00.000Z",
    "dateUpdated": "2025-05-06T14:48:52.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dotnetzip.semverd_project:dotnetzip.semverd:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.11.0\", \"matchCriteriaId\": \"E572F9EC-08BF-40D4-B9A8-4EABE4D23CB2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as \u0027Zip-Slip\u0027.\"}, {\"lang\": \"es\", \"value\": \"DotNetZip.Semvered en versiones anteriores a la 1.11.0 es vulnerable a un salto de directorio, lo que permite que los atacantes escriban en archivos arbitrarios mediante un ../ (punto punto barra) en una entrada de archivo Zip que se gestiona de manera incorrecta durante la extracci\\u00f3n. Esta vulnerabilidad tambi\\u00e9n se conoce como \\\"Zip-Slip\\\".\"}]",
      "id": "CVE-2018-1002205",
      "lastModified": "2024-11-21T03:40:39.987",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-07-25T17:29:01.813",
      "references": "[{\"url\": \"https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366\", \"source\": \"report@snyk.io\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/haf/DotNetZip.Semverd/pull/121\", \"source\": \"report@snyk.io\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/snyk/zip-slip-vulnerability\", \"source\": \"report@snyk.io\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/research/zip-slip-vulnerability\", \"source\": \"report@snyk.io\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245\", \"source\": \"report@snyk.io\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/haf/DotNetZip.Semverd/pull/121\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/snyk/zip-slip-vulnerability\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/research/zip-slip-vulnerability\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "report@snyk.io",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"report@snyk.io\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-1002205\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2018-07-25T17:29:01.813\",\"lastModified\":\"2025-05-06T15:15:53.080\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as \u0027Zip-Slip\u0027.\"},{\"lang\":\"es\",\"value\":\"DotNetZip.Semvered en versiones anteriores a la 1.11.0 es vulnerable a un salto de directorio, lo que permite que los atacantes escriban en archivos arbitrarios mediante un ../ (punto punto barra) en una entrada de archivo Zip que se gestiona de manera incorrecta durante la extracci\u00f3n. Esta vulnerabilidad tambi\u00e9n se conoce como \\\"Zip-Slip\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dotnetzip.semverd_project:dotnetzip.semverd:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.11.0\",\"matchCriteriaId\":\"E572F9EC-08BF-40D4-B9A8-4EABE4D23CB2\"}]}]}],\"references\":[{\"url\":\"https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/haf/DotNetZip.Semverd/pull/121\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/snyk/zip-slip-vulnerability\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/research/zip-slip-vulnerability\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/haf/DotNetZip.Semverd/pull/121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/snyk/zip-slip-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/research/zip-slip-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://snyk.io/research/zip-slip-vulnerability\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/snyk/zip-slip-vulnerability\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/haf/DotNetZip.Semverd/pull/121\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T12:47:57.466Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-1002205\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T13:22:22.917351Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-05T13:21:18.581Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"DotNetZip\", \"product\": \"DotNetZip.Semvered\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"1.11.0\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://snyk.io/research/zip-slip-vulnerability\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/snyk/zip-slip-vulnerability\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/haf/DotNetZip.Semverd/pull/121\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"dateAssigned\": \"2018-05-17T00:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as \u0027Zip-Slip\u0027.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22\"}]}], \"providerMetadata\": {\"orgId\": \"bae035ff-b466-4ff4-94d0-fc9efd9e1730\", \"shortName\": \"snyk\", \"dateUpdated\": \"2018-07-25T17:00:00.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"1.11.0\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"DotNetZip.Semvered\"}]}, \"vendor_name\": \"DotNetZip\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://snyk.io/research/zip-slip-vulnerability\", \"name\": \"https://snyk.io/research/zip-slip-vulnerability\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366\", \"name\": \"https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://github.com/snyk/zip-slip-vulnerability\", \"name\": \"https://github.com/snyk/zip-slip-vulnerability\", \"refsource\": \"MISC\"}, {\"url\": \"https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245\", \"name\": \"https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/haf/DotNetZip.Semverd/pull/121\", \"name\": \"https://github.com/haf/DotNetZip.Semverd/pull/121\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as \u0027Zip-Slip\u0027.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-22\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-1002205\", \"STATE\": \"PUBLIC\", \"UPDATED\": \"2018-05-17T10:52Z\", \"ASSIGNER\": \"report@snyk.io\", \"REQUESTER\": \"danny@snyk.io\", \"DATE_ASSIGNED\": \"2018-05-17T10:52Z\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-1002205\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-06T14:48:52.591Z\", \"dateReserved\": \"2018-07-25T00:00:00.000Z\", \"assignerOrgId\": \"bae035ff-b466-4ff4-94d0-fc9efd9e1730\", \"datePublished\": \"2018-07-25T17:00:00.000Z\", \"assignerShortName\": \"snyk\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2018-1002205

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-1002205

Aliases

CVE-2018-1002205

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1002205",
    "description": "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as \u0027Zip-Slip\u0027.",
    "id": "GSD-2018-1002205"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1002205"
      ],
      "details": "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as \u0027Zip-Slip\u0027.",
      "id": "GSD-2018-1002205",
      "modified": "2023-12-13T01:22:37.790867Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "report@snyk.io",
        "DATE_ASSIGNED": "2018-05-17T10:52Z",
        "ID": "CVE-2018-1002205",
        "REQUESTER": "danny@snyk.io",
        "STATE": "PUBLIC",
        "UPDATED": "2018-05-17T10:52Z"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "DotNetZip.Semvered",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "1.11.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "DotNetZip"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as \u0027Zip-Slip\u0027."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-22"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://snyk.io/research/zip-slip-vulnerability",
            "refsource": "MISC",
            "url": "https://snyk.io/research/zip-slip-vulnerability"
          },
          {
            "name": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366",
            "refsource": "CONFIRM",
            "url": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366"
          },
          {
            "name": "https://github.com/snyk/zip-slip-vulnerability",
            "refsource": "MISC",
            "url": "https://github.com/snyk/zip-slip-vulnerability"
          },
          {
            "name": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245",
            "refsource": "MISC",
            "url": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245"
          },
          {
            "name": "https://github.com/haf/DotNetZip.Semverd/pull/121",
            "refsource": "CONFIRM",
            "url": "https://github.com/haf/DotNetZip.Semverd/pull/121"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,1.11.0)",
          "affected_versions": "All versions before 1.11.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2019-10-09",
          "description": "DotNetZip.Semvered is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as \u0027Zip-Slip\u0027.",
          "fixed_versions": [
            "1.11.0"
          ],
          "identifier": "CVE-2018-1002205",
          "identifiers": [
            "CVE-2018-1002205"
          ],
          "not_impacted": "All versions starting from 1.11.0",
          "package_slug": "nuget/DotNetZip",
          "pubdate": "2018-07-25",
          "solution": "Upgrade to version 1.11.0 or above.",
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-1002205",
            "https://github.com/haf/DotNetZip.Semverd/pull/121"
          ],
          "uuid": "1c219a0c-8722-4946-9aaf-f97affb1e923"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dotnetzip.semverd_project:dotnetzip.semverd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "report@snyk.io",
          "ID": "CVE-2018-1002205"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as \u0027Zip-Slip\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245"
            },
            {
              "name": "https://snyk.io/research/zip-slip-vulnerability",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://snyk.io/research/zip-slip-vulnerability"
            },
            {
              "name": "https://github.com/snyk/zip-slip-vulnerability",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/snyk/zip-slip-vulnerability"
            },
            {
              "name": "https://github.com/haf/DotNetZip.Semverd/pull/121",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/haf/DotNetZip.Semverd/pull/121"
            },
            {
              "name": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:32Z",
      "publishedDate": "2018-07-25T17:29Z"
    }
  }
}

FKIE_CVE-2018-1002205

Vulnerability from fkie_nvd - Published: 2018-07-25 17:29 - Updated: 2025-05-06 15:15

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
report@snyk.io	https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366	Patch
report@snyk.io	https://github.com/haf/DotNetZip.Semverd/pull/121	Patch
report@snyk.io	https://github.com/snyk/zip-slip-vulnerability	Third Party Advisory
report@snyk.io	https://snyk.io/research/zip-slip-vulnerability	Third Party Advisory
report@snyk.io	https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/haf/DotNetZip.Semverd/pull/121	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/snyk/zip-slip-vulnerability	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://snyk.io/research/zip-slip-vulnerability	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245	Third Party Advisory

Impacted products

	Vendor	Product	Version
	dotnetzip.semverd_project	dotnetzip.semverd	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dotnetzip.semverd_project:dotnetzip.semverd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E572F9EC-08BF-40D4-B9A8-4EABE4D23CB2",
              "versionEndExcluding": "1.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as \u0027Zip-Slip\u0027."
    },
    {
      "lang": "es",
      "value": "DotNetZip.Semvered en versiones anteriores a la 1.11.0 es vulnerable a un salto de directorio, lo que permite que los atacantes escriban en archivos arbitrarios mediante un ../ (punto punto barra) en una entrada de archivo Zip que se gestiona de manera incorrecta durante la extracci\u00f3n. Esta vulnerabilidad tambi\u00e9n se conoce como \"Zip-Slip\"."
    }
  ],
  "id": "CVE-2018-1002205",
  "lastModified": "2025-05-06T15:15:53.080",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2018-07-25T17:29:01.813",
  "references": [
    {
      "source": "report@snyk.io",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366"
    },
    {
      "source": "report@snyk.io",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/haf/DotNetZip.Semverd/pull/121"
    },
    {
      "source": "report@snyk.io",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/snyk/zip-slip-vulnerability"
    },
    {
      "source": "report@snyk.io",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/research/zip-slip-vulnerability"
    },
    {
      "source": "report@snyk.io",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/haf/DotNetZip.Semverd/pull/121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/snyk/zip-slip-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/research/zip-slip-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245"
    }
  ],
  "sourceIdentifier": "report@snyk.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "report@snyk.io",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-7378-6268-4278

Vulnerability from github – Published: 2018-10-16 17:16 – Updated: 2025-05-06 17:56

Summary

DotNetZip Zip-Slip Vulnerability

Details

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "DotNetZip"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1002205"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:21:07Z",
    "nvd_published_at": "2018-07-25T17:29:01Z",
    "severity": "MODERATE"
  },
  "details": "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as \u0027Zip-Slip\u0027.",
  "id": "GHSA-7378-6268-4278",
  "modified": "2025-05-06T17:56:09Z",
  "published": "2018-10-16T17:16:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002205"
    },
    {
      "type": "WEB",
      "url": "https://github.com/haf/DotNetZip.Semverd/pull/121"
    },
    {
      "type": "WEB",
      "url": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366"
    },
    {
      "type": "WEB",
      "url": "https://github.com/snyk/zip-slip-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/research/zip-slip-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "DotNetZip Zip-Slip Vulnerability"
}

ICSA-23-262-03

Vulnerability from csaf_cisa - Published: 2023-09-19 06:00 - Updated: 2023-09-19 06:00

Summary

Omron Engineering Software Zip-Slip

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could allow an attacker to overwrite files on a system.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Reid Wightman"
        ],
        "organization": "Dragos",
        "summary": "reporting this vulnerability to CISA"
      },
      {
        "names": [
          "Michael Heinzl"
        ],
        "summary": "reporting the Zip-Slip vulnerability to JPCERT/CC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow an attacker to overwrite files on a system. ",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-23-262-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-262-03.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-23-262-03 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Omron Engineering Software Zip-Slip",
    "tracking": {
      "current_release_date": "2023-09-19T06:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-23-262-03",
      "initial_release_date": "2023-09-19T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2023-09-19T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.54",
                "product": {
                  "name": "Sysmac Studio: \u003c= 1.54",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Sysmac Studio"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.22",
                "product": {
                  "name": "NX-IO Configurator: \u003c= 1.22",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "NX-IO Configurator"
          }
        ],
        "category": "vendor",
        "name": "Omron"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-1002205",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, which could allow attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry mishandled during extraction. This vulnerability is also known as \"Zip-Slip.\"",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1002205"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "OMRON recommends the following general mitigation measures to minimize the risk of vulnerability exploitation:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Anti-virus protection:\n\nProtect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protections.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Security measures to prevent unauthorized access:\n\nMinimize connection of control systems and equipment to open networks so untrusted devices will be unable to access them.\nImplement firewalls (by shutting down unused communications ports, limiting communications hosts, etc.) and isolate them from the IT network.\nUse a virtual private network (VPN) for remote access to control systems and equipment.\nUse strong passwords and change them frequently.\nInstall physical controls so only authorized personnel can access control systems and equipment.\nScan for viruses to ensure safety of any USB drives or similar devices before connecting them to systems and devices.\nEnforce multifactor authentication whenever possible of all devices with remote access to control systems and equipment.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Data input and output protection:\n\nPerform process validation, such as backup validation or range checks, to cope with unintentional modification of input/output data to control systems and devices.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Data recovery:\n\nPeriodical data backup and maintenance to prevent data loss.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please see Omron\u0027s Advisory for more information.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-008_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

CNVD-2018-14349

Vulnerability from cnvd - Published: 2018-08-01

Title

DotNetZip.Semvered目录遍历漏洞

Description

DotNetZip.Semvered是一个用于处理zip文件的库，它用于创建、提取或更新zip文件。 DotNetZip.Semvered 1.11.0之前版本中存在目录遍历漏洞。攻击者可借助带有目录遍历名称的特制的zip归档文件利用该漏洞写入任意文件。

Severity

中

Patch Name

DotNetZip.Semvered目录遍历漏洞的补丁

Patch Description

DotNetZip.Semvered是一个用于处理zip文件的库，它用于创建、提取或更新zip文件。 DotNetZip.Semvered 1.11.0之前版本中存在目录遍历漏洞。攻击者可借助带有目录遍历名称的特制的zip归档文件利用该漏洞写入任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366

Reference

https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366

Impacted products

Name
DotNetZip.Semvered DotNetZip.Semvered <1.11.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1002205",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002205"
    }
  },
  "description": "DotNetZip.Semvered\u662f\u4e00\u4e2a\u7528\u4e8e\u5904\u7406zip\u6587\u4ef6\u7684\u5e93\uff0c\u5b83\u7528\u4e8e\u521b\u5efa\u3001\u63d0\u53d6\u6216\u66f4\u65b0zip\u6587\u4ef6\u3002\r\n\r\nDotNetZip.Semvered 1.11.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u5e26\u6709\u76ee\u5f55\u904d\u5386\u540d\u79f0\u7684\u7279\u5236\u7684zip\u5f52\u6863\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5199\u5165\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "Unknow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-14349",
  "openTime": "2018-08-01",
  "patchDescription": "DotNetZip.Semvered\u662f\u4e00\u4e2a\u7528\u4e8e\u5904\u7406zip\u6587\u4ef6\u7684\u5e93\uff0c\u5b83\u7528\u4e8e\u521b\u5efa\u3001\u63d0\u53d6\u6216\u66f4\u65b0zip\u6587\u4ef6\u3002\r\n\r\nDotNetZip.Semvered 1.11.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u5e26\u6709\u76ee\u5f55\u904d\u5386\u540d\u79f0\u7684\u7279\u5236\u7684zip\u5f52\u6863\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5199\u5165\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "DotNetZip.Semvered\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "DotNetZip.Semvered DotNetZip.Semvered \u003c1.11.0"
  },
  "referenceLink": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366",
  "serverity": "\u4e2d",
  "submitTime": "2018-07-31",
  "title": "DotNetZip.Semvered\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-1002205 (GCVE-0-2018-1002205)

GSD-2018-1002205

FKIE_CVE-2018-1002205

GHSA-7378-6268-4278

ICSA-23-262-03

CNVD-2018-14349

Tags

Sightings

Nomenclature