CVE-2023-22899

Опубликовано: 10 янв. 2023

Источник: debian

EPSS Низкий

Описание

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.

Пакет	Статус	Версия исправления	Релиз	Тип
zip4j	fixed	2.11.2-3		package
zip4j	no-dsa		bullseye	package

https://github.com/srikanth-lingala/zip4j/issues/485
https://github.com/srikanth-lingala/zip4j/commit/597b31afb473a40e8252de5b5def1876bab198d3

EPSS

Процентиль: 49%

0.0026

Низкий

CVE-2023-22899

CVSS3: 5.9

ubuntu

около 3 лет назад

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.

CVE-2023-22899

CVSS3: 5.9

redhat

около 3 лет назад

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.

CVE-2023-22899

CVSS3: 5.9

nvd

около 3 лет назад

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.

GHSA-2pj2-gchf-wmw7

CVSS3: 5.9

github

около 3 лет назад

Zip4j Origin Validation Error

EPSS

Процентиль: 49%

0.0026

Низкий