Описание
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.
Ссылки
- Third Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.11.2 (включая)
cpe:2.3:a:zip4j_project:zip4j:*:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00224
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-346
CWE-346
Связанные уязвимости
CVSS3: 5.9
ubuntu
около 3 лет назад
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.
CVSS3: 5.9
redhat
около 3 лет назад
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.
CVSS3: 5.9
debian
около 3 лет назад
Zip4j through 2.11.2, as used in Threema and other products, does not ...
EPSS
Процентиль: 45%
0.00224
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-346
CWE-346