Description
The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability".
References (3)
Core 3
Core References
Exploit, Issue Tracking, Patch x_refsource_misc
https://github.com/pocoproject/poco/issues/1968
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2018/dsa-4083
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/01/msg00013.html
Scores
CVSS v3
6.5
EPSS
0.0168
EPSS Percentile
74.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (3)
debian/debian_linux
8.0
debian/debian_linux
9.0
pocoproject/poco
< 1.8
Published
Jan 03, 2018
Tracked Since
Feb 18, 2026