CVE-2023-43616 - Vulnerability Details - OpenCVE

ReportizFlow

An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schollz	Croc

Configuration 1 [-]

cpe:2.3:a:schollz:croc:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2023/09/21/5
https://github.com/schollz/croc/issues/594
https://www.openwall.com/lists/oss-security/2023/09/08/2

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-09-20T00:00:00

Updated: 2024-08-02T19:44:43.703Z

Reserved: 2023-09-20T00:00:00

Link: CVE-2023-43616

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-09-20T06:15:10.523

Modified: 2024-11-21T08:24:28.283

Link: CVE-2023-43616

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schollz:croc:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B173A01-5175-444D-9651-68AD4E2C30C2", "versionEndIncluding": "9.6.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Croc hasta la versi\u00f3n 9.6.5. Un remitente puede hacer que un receptor sobrescriba archivos durante la extracci\u00f3n ZIP."}], "id": "CVE-2023-43616", "lastModified": "2024-11-21T08:24:28.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-09-20T06:15:10.523", "references": [{"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/21/5"}, {"source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/schollz/croc/issues/594"}, {"source": "[email protected]", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2023/09/08/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/21/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/schollz/croc/issues/594"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2023/09/08/2"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "[email protected]", "type": "Primary"}]}