CVE-2018-10860

Published: 29 June 2018

perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
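
A member-name check that a caller can apply before extraction, as an added example (not code from Archive::Zip or from the upstream patch). The function name safe_target, the destination /srv/unpack and the sample member names are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: validate zip member names before writing anything to disk.
use strict;
use warnings;
use File::Spec;

# Return the path a member would be written to under $dest, or undef when the
# name is empty, absolute, or contains a '..' component. Zip member names use
# '/' separators; backslashes are treated as separators too (conservative).
sub safe_target {
    my ($dest, $name) = @_;
    return unless defined $name && length $name;
    return if $name =~ /\0/;                     # embedded NUL byte
    (my $n = $name) =~ tr{\\}{/};                # normalise separators
    return if $n =~ m{^/} || $n =~ m{^[A-Za-z]:}; # absolute or drive-letter path
    my @kept;
    for my $part (split m{/+}, $n) {
        next if $part eq '' || $part eq '.';
        return if $part eq '..';                 # reject rather than resolve
        push @kept, $part;
    }
    return unless @kept;
    return File::Spec->catfile($dest, @kept);
}

# Constructed sample member names (not taken from any real archive).
my @names = (
    'docs/readme.txt',
    './a/./b.txt',
    '../../etc/cron.d/job',
    'a/../../outside.txt',
    '/etc/passwd',
    'C:\\Windows\\win.ini',
    '..\\..\\evil.txt',
);

for my $name (@names) {
    my $target = safe_target('/srv/unpack', $name);
    printf "%-24s %s\n", $name, defined $target ? "-> $target" : 'REJECTED';
}
```

With Archive::Zip, the same check can be applied to each $member->fileName from $zip->members, passing the returned path to $zip->extractMember($member, $target). It checks names only; symbolic-link members need separate handling.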

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: libarchive-zip-perl (Launchpad, Ubuntu, Debian)

Release: Status
artful: Released (1.59-1ubuntu0.1)
bionic: Released (1.60-1ubuntu0.1)
precise: Released (1.30-6ubuntu0.1)
trusty: Released (1.30-7ubuntu0.1)
upstream: Needs triage
xenial: Released (1.56-2ubuntu0.1)

Patches:
other: https://github.com/redhotpenguin/perl-Archive-Zip/commit/95e1df86327