CVE-2018-1002202
Directory Traversal vulnerability in zip4j (Maven)

Directory Traversal Proof of concept

What is CVE-2018-1002202 About?

zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write arbitrary files. This occurs when a user extracts a Zip archive containing '../' (dot dot slash) sequences in entry paths. Exploitation is simple, requiring only the creation and distribution of a malicious Zip file.

Affected Software

net.lingala.zip4j:zip4j <1.3.3

Technical Details

The zip4j library, prior to version 1.3.3, fails to properly sanitize file paths within a Zip archive during extraction. Specifically, it does not adequately detect or neutralize directory traversal sequences such as '../' (dot dot slash). An attacker can craft a Zip archive where an entry's stored file path includes these sequences, designed to navigate outside the intended extraction directory. When a user extracts this malicious archive, the zip4j library will resolve these paths literally, causing files to be written to arbitrary locations on the file system, potentially overwriting critical system files, injecting malicious executables, or creating files in sensitive directories.

What is the Impact of CVE-2018-1002202?

Successful exploitation may allow attackers to write arbitrary files to the file system, leading to remote code execution, denial of service, or unauthorized data modification.

What is the Exploitability of CVE-2018-1002202?

Exploitation of this directory traversal (Zip-Slip) vulnerability is low complexity. It primarily requires an attacker to distribute a specially crafted Zip archive to a victim. No authentication or elevated privileges are necessary on the target system for the initial decompression, as the vulnerability lies in the zip4j library's handling of archive entry paths. This is typically a local vulnerability in the context of file extraction by the user, but can have remote implications if an application automatically extracts untrusted archives. The primary risk factor is end-users downloading and extracting untrusted Zip files, or automated systems processing such archives without robust path validation.

What are the Known Public Exploits?

PoC Author   Link   Commentary
iris-sast    Link   CWE-Bench-Java CVE-2018-1002202, versions 1.3.2, 1.3.3
shoucheng3   Link   PoC for CVE-2018-1002202

What are the Available Fixes for CVE-2018-1002202?

Available Upgrade Options

  • net.lingala.zip4j:zip4j
    • <1.3.3 → Upgrade to 1.3.3

Additional Resources

What are Similar Vulnerabilities to CVE-2018-1002202?

Similar Vulnerabilities: CVE-2007-6725, CVE-2018-20250, CVE-2019-14811, CVE-2020-25659, CVE-2021-39293