Описание
Sender can cause a receiver to overwrite files during ZIP extraction in Croc
An issue was discovered in Croc before 9.6.16. A sender can cause a receiver to overwrite files during ZIP extraction.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-43616
- https://github.com/schollz/croc/issues/594
- https://github.com/schollz/croc/pull/698
- https://github.com/schollz/croc/commit/4929635eb875d2304e9415b8f4aa62af9e1a2339
- https://www.openwall.com/lists/oss-security/2023/09/08/2
- http://www.openwall.com/lists/oss-security/2023/09/21/5
Пакеты
Наименование
github.com/schollz/croc
go
Затронутые версииВерсия исправления
< 9.6.16
9.6.16
Связанные уязвимости
CVSS3: 5.5
nvd
больше 2 лет назад
An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction.
CVSS3: 5.5
debian
больше 2 лет назад
An issue was discovered in Croc through 9.6.5. A sender can cause a re ...