Bug 1098354 - (CVE-2018-1002209) VUL-0: CVE-2018-1002209: quazip: arbitrary file write vulnerability achieved by using a specially crafted zip archive
VUL-0: CVE-2018-1002209: quazip: arbitrary file write vulnerability achieved ...
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.1
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Cristian Rodríguez
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2018-06-20 08:13 UTC by Alexander Bergmann
Modified: 2022-04-18 07:02 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2018-06-20 08:13:13 UTC

A vulnerability has been found in the way developers have implemented the archive extraction of files. An arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar,xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. Of course if an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily. This affects multiple libraries that lacks of a high level APIs that provide the archive extraction functionality.


Comment 1 Christophe Marin 2022-04-18 07:02:01 UTC
Addressed years ago. None of the supported openSUSE version ships quazip < 0.7.6