-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2022-36943 - lack of sanitization on paths which are symlinks #662
Comments
Ensure that symlinks created during unzip does not escape the target directory. Resolves issue: #662 by ensuring that all unpacked symlinks stay within the top-level target directory.
Fixed in 2.5.4 |
Are there any plans to fix this vulnerability for releases before As far as I know, there were introduced breaking changes with iOS 15+ as the minimal supported system OS version starting from the cc: @jhudsonWA |
No. #692 |
You may fork the project and attempt to lower the OS version requirements, but we're not supporting that ourselves. |
Steps to reproduce
GHSA-vgvw-6xcf-qqfc
Expected behavior
Symlinks which are not relative to the destination path should be ignored unless the user explicitly requests it.
Actual behavior
An attacker can embed a symlink in a ZIP archive pointing to a location of their choosing as the first file in the archive to first create the symlink. If a regular file in the ZIP has the same name as the symlink, the library will open and implicitly follow the symlink using an fopen() call, and the contents of the file are written to the symlink target.
Version of ZipArchive
<=2.5.3
The text was updated successfully, but these errors were encountered: