CVE-2023-22899

Опубликовано: 10 янв. 2023

Источник: redhat

CVSS3: 5.9

Описание

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.

A flaw was found in Zip4j. In this issue, it does not always check the MAC when decrypting a ZIP archive.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Decision Manager 7	org.drools-droolsjbpm-integration	Out of support scope
Migration Toolkit for Runtimes 1 on RHEL 8	org.jboss.windup-windup-parent	Fixed	RHSA-2023:3814	27.06.2023
MTA-6.2-RHEL-9	mta/mta-operator-bundle	Fixed	RHSA-2023:4627	14.08.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-346

https://bugzilla.redhat.com/show_bug.cgi?id=2185278zip4j: does not always check the MAC when decrypting a ZIP archive

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2023-22899

CVSS3: 5.9

ubuntu

около 3 лет назад

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.

CVE-2023-22899

CVSS3: 5.9

nvd

около 3 лет назад

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.

CVE-2023-22899

CVSS3: 5.9

debian

около 3 лет назад

Zip4j through 2.11.2, as used in Threema and other products, does not ...

GHSA-2pj2-gchf-wmw7

CVSS3: 5.9

github

около 3 лет назад

Zip4j Origin Validation Error

5.9 Medium

CVSS3