BSA-2018-662

Brocade Fabric OS

21635

28 August 2018

21 June 2018

Closed

Medium

N/A

N/A

CVE-2018-1002203, CVE-2018-1002204, CVE-2018-1002200, CVE-2018-1002201, CVE-2018-1002202, CVE-2018-1002205, CVE-2018-1002206, CVE-2018-1002207, CVE-2018-8008, CVE-2018-8009, CVE-2018-1261, CVE-2018-1263, CVE-2018-12036, CVE-2018-1002208, CVE-2018-1000544

Summary

Security Advisory ID : BSA-2018-662

Component : Zip Slip

Revision : 1.1: update

The Snyk Security team has disclosed a widespread, critical arbitrary file overwrite vulnerability, which typically results in remote command execution.
The flaw, which has been named Zip Slip, affects numerous archive-extraction libraries and archive formats.
More information is available at: https://github.com/snyk/zip-slip-vulnerability.

Brocade updates its advisory as affected libraries are reported and investigated.
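
An added example, not part of this advisory or of any listed library: a Python check that lists the entries of a zip archive whose names would resolve outside the extraction directory, which is how an archive-extraction routine ends up overwriting arbitrary files. The function names, the destination path and the in-memory sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile


def unsafe_entries(archive, dest="/opt/app/uploads"):
    """Return the names of entries that would be written outside dest.

    Nothing is extracted; only entry names are inspected. The check is
    lexical, so it does not cover symlinks already present under dest.
    dest is a hypothetical extraction directory.
    """
    dest = posixpath.normpath(dest)
    flagged = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            # Treat backslashes as separators too, since extractors
            # running on Windows honour them.
            name = info.filename.replace("\\", "/")
            # join() discards dest when name is absolute, and normpath()
            # collapses "..", so both escapes show up in target.
            target = posixpath.normpath(posixpath.join(dest, name))
            inside = target == dest or target.startswith(dest + "/")
            if not inside:
                flagged.append(info.filename)
    return flagged


def build_sample():
    """Constructed in-memory archive: two contained names, three escaping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "ok")
        zf.writestr("docs/../notes.txt", "ok")       # resolves inside dest
        zf.writestr("../../outside.txt", "x")        # climbs out with ../
        zf.writestr("/tmp/abs.txt", "x")             # absolute path
        zf.writestr("..\\..\\outside.ini", "x")      # backslash separators
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name in unsafe_entries(build_sample()):
        print("entry escapes extraction directory:", name)
```

An extraction routine can apply the same test per entry and refuse the archive when any entry fails it.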

Known CVEs

unzipper CVE-2018-1002203
npm library CVE-2018-1002204
plexus-archiver CVE-2018-1002200
zt-zip CVE-2018-1002201
zip4j CVE-2018-1002202
DotNetZip.Semverd CVE-2018-1002205
SharpCompress CVE-2018-1002206
Go library mholt/archiver CVE-2018-1002207
Apache Storm CVE-2018-8008
Apache Hadoop CVE-2018-8009
Pivotal Spring-integration-zip CVE-2018-1261, CVE-2018-1263
OWASP Dependency-Check CVE-2018-12036
Sharplibzip CVE-2018-1002208
Rubyzip CVE-2018-1000544

Products Confirmed Not Vulnerable

No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities.

Version | Change | Date
1.0 | Initial Publication | June 21, 2018
1.1 | Update Rubyzip, Sharplibzip | August 29, 2018