CVE-2021-32840

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-32840

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32840.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-32840

Aliases

GHSA-m22m-h4rf-pwq3

Downstream

UBUNTU-CVE-2021-32840

Published

2022-01-26T21:15:13.097Z

Modified

2026-06-18T04:06:41.781159837Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3.

References

Affected packages

Git / github.com/icsharpcode/sharpziplib

Affected ranges

Type

GIT

Repo

https://github.com/icsharpcode/sharpziplib

Events

Introduced

Fixed

1b1ab013ce1df02d8f27cf582197759c614d9126

Fixed

a0e96de70b5264f4c919b09253b1522bc7a221cc

Database specific

{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.3.3"
        }
    ],
    "cpe": "cpe:2.3:a:sharpziplib_project:sharpziplib:*:*:*:*:*:*:*:*"
}

Affected versions

0.*

0.84.0.0

0.85.0.0

0.85.1.271

0.85.2.329

0.85.3.365

0.85.4.369

0.85.5.452

0.86.0.518

v1.*

v1.0.0

v1.0.0-rc1

v1.0.0-rc2

v1.1.0

v1.2.0

v1.3.0

v1.3.1

v1.3.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32840.json"