CVE-2022-36943 - lack of sanitization on paths which are symlinks #662
Labels
Comments
jhudsonWA
added a commit
that referenced
this issue
Feb 22, 2023
Ensure that symlinks created during unzip does not escape the target directory. Resolves issue: #662 by ensuring that all unpacked symlinks stay within the top-level target directory.
|
Fixed in 2.5.4 |
|
Are there any plans to fix this vulnerability for releases before As far as I know, there were introduced breaking changes with iOS 15+ as the minimal supported system OS version starting from the cc: @jhudsonWA |
|
No. #692 |
|
You may fork the project and attempt to lower the OS version requirements, but we're not supporting that ourselves. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps to reproduce
GHSA-vgvw-6xcf-qqfc
Expected behavior
Symlinks which are not relative to the destination path should be ignored unless the user explicitly requests it.
Actual behavior
An attacker can embed a symlink in a ZIP archive pointing to a location of their choosing as the first file in the archive to first create the symlink. If a regular file in the ZIP has the same name as the symlink, the library will open and implicitly follow the symlink using an fopen() call, and the contents of the file are written to the symlink target.
Version of ZipArchive
<=2.5.3
The text was updated successfully, but these errors were encountered: