
CVE-2018-1002206: Directory Traversal in SharpCompress

CVSS Score: 5.5 (CVSS v3.0)

Basic Information

EPSS Score: 0.84688%
Published: 9/11/2019
Updated: 3/24/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Package Name: sharpcompress
Ecosystem: nuget
Vulnerable Versions: < 0.21.0
First Patched Version: 0.21.0

Vulnerability Intelligence
Root Cause Analysis

The commit diff shows that path validation logic was added to WriteToDirectory: 1) Path.GetFullPath() calls were added to canonicalise the destination directory and each entry's target path, resolving any relative segments; 2) a check was added that the resolved target path starts with the full destination directory path. The vulnerability manifested in this function because it wrote user-controlled archive entry paths without a containment check, so an entry whose name contained ../ segments was written outside the chosen extraction directory. The added test Zip_Evil_Throws_Exception confirms this attack vector: it extracts an archive containing ../ entry paths and expects an exception instead of a file written outside the destination.
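As an added illustration (not SharpCompress's own code, and not the patched WriteToDirectory itself), the following C# contrasts the naive path join that lets an entry such as ../evil.txt escape the destination directory with the containment check the analysis describes: canonicalise with Path.GetFullPath and require the result to start with the full destination path. The class, method names and sample entry names are constructed for this example. It also covers two details the one-line description leaves implicit: the destination prefix must end with a directory separator (otherwise "/out" would also accept "/outside/evil.txt"), and rooted entry names must be rejected because Path.Combine discards its first argument when the second is rooted.

```csharp
using System;
using System.IO;

// Added example, not SharpCompress code: naive vs hardened resolution of an
// archive entry's target path during extraction.
static class ArchiveExtractionPaths
{
    // Vulnerable pattern: the entry name is trusted and joined directly.
    // For "../evil.txt" this yields "<dest>/../evil.txt", which the filesystem
    // resolves to a file one level above the extraction directory.
    public static string NaiveDestination(string destDir, string entryKey)
        => Path.Combine(destDir, entryKey);

    // Hardened pattern: canonicalise both sides and require containment.
    public static bool TryGetSafeDestination(string destDir, string entryKey, out string fullPath)
    {
        fullPath = string.Empty;

        // Canonical destination, forced to end with a separator so the prefix
        // test cannot be satisfied by a sibling directory with a longer name.
        string fullDest = Path.GetFullPath(destDir);
        if (!fullDest.EndsWith(Path.DirectorySeparatorChar.ToString()))
            fullDest += Path.DirectorySeparatorChar;

        // Path.Combine returns the second argument unchanged when it is rooted
        // (e.g. "/etc/passwd"), so rooted entry names are rejected outright.
        if (Path.IsPathRooted(entryKey))
            return false;

        // GetFullPath collapses "." and ".." segments, so a traversal attempt
        // ends up outside fullDest and fails the prefix check.
        string candidate = Path.GetFullPath(Path.Combine(fullDest, entryKey));

        // Ordinal comparison assumed (case-sensitive filesystem); use
        // StringComparison.OrdinalIgnoreCase on Windows.
        if (!candidate.StartsWith(fullDest, StringComparison.Ordinal))
            return false;

        fullPath = candidate;
        return true;
    }

    static void Main()
    {
        string dest = Path.Combine(Path.GetTempPath(), "extract");

        // Constructed entry names: one benign, three hostile.
        string[] entries = { "docs/readme.txt", "../evil.txt", "a/../../evil.txt", "/etc/passwd" };

        foreach (string entry in entries)
        {
            Console.WriteLine($"naive:    {entry,-20} -> {NaiveDestination(dest, entry)}");
            bool ok = TryGetSafeDestination(dest, entry, out string safe);
            Console.WriteLine($"hardened: {entry,-20} -> {(ok ? safe : "REJECTED")}");
        }
    }
}
```

Only the first entry passes the hardened check; the three hostile names are rejected before any file handle is opened, which is the behaviour the added Zip_Evil_Throws_Exception test asserts for the real library.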


WAF Protection Rules

WAF Rule

SharpCompress prior to version 0.21 is vulnerable to a path traversal issue in archive extraction.
