BSA-2018-662
21635
28 August 2018
21 June 2018
Closed
Medium
N/A
N/A
CVE-2018-1002203, CVE-2018-1002204, CVE-2018-1002200, CVE-2018-1002201, CVE-2018-1002202, CVE-2018-1002205, CVE-2018-1002206, CVE-2018-1002207, CVE-2018-8008, CVE-2018-8009, CVE-2018-1261, CVE-2018-1263, CVE-2018-12036, CVE-2018-1002208, CVE-2018-1000544
Summary
Security Advisory ID : BSA-2018-662
Component : Zip Slip
Revision : 1.1: update
The Snyk Security team has disclosed a widespread, critical arbitrary file overwrite vulnerability, which typically results in remote command execution.
The flaw, named Zip Slip, affects numerous archive-extraction libraries and archive formats.
More information is available at: https://github.com/snyk/zip-slip-vulnerability.
Brocade updates its advisory as affected libraries are reported and investigated.
Known CVEs
Library or product | CVE |
---|---|
unzipper | CVE-2018-1002203 |
npm library | CVE-2018-1002204 |
plexus-archiver | CVE-2018-1002200 |
zt-zip | CVE-2018-1002201 |
zip4j | CVE-2018-1002202 |
DotNetZip.Semverd | CVE-2018-1002205 |
SharpCompress | CVE-2018-1002206 |
Go library mholt/archiver | CVE-2018-1002207 |
Apache Storm | CVE-2018-8008 |
Apache Hadoop | CVE-2018-8009 |
Pivotal Spring-integration-zip | CVE-2018-1261, CVE-2018-1263 |
OWASP Dependency-Check | CVE-2018-12036 |
Sharplibzip | CVE-2018-1002208 |
Rubyzip | CVE-2018-1000544 |
Product Confirmed Non Vulnerable
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities.
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | June 21, 2018 |
1.1 | Update Rubyzip, Sharplibzip | August 29, 2018 |