Rust 1.64, to be released on September 22nd, will include a fix for it. The vulnerability is present in all versions of Cargo. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size (also known as a "zip bomb"), exhausting the disk space on the machine using Cargo to download the package. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.Ĭargo is a package manager for the rust programming language. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution.
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. Attempts to restart the application would result in a crash and would require manually removing the malformed file. In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. This issue has been patched in version 1.4.5. versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences.
Jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.
0 kommentar(er)
