CVE-2021-21706
ZipArchive::extractTo may extract outside of destination dir
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.
En PHP versiones de 7.3.x por debajo de 7.3.31, versiones 7.4.x por debajo de 7.4.24 y 8.0.x por debajo de 8.0.11, en el entorno de Microsoft Windows, la función ZipArchive::extractTo puede ser engañada para escribir un archivo fuera del directorio de destino cuando es extraído un archivo ZIP, causando así potencialmente una creación o sobreescritura de archivos, sujeto a los permisos del Sistema Operativo
*Credits:
reported by vi at hackberry dot xyz
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-04 CVE Reserved
- 2021-10-04 CVE Published
- 2024-06-06 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-24: Path Traversal: '../filedir'
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20211029-0007 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.php.net/bug.php?id=81420 | 2021-11-03 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.3.0 < 7.3.31 Search vendor "Php" for product "Php" and version " >= 7.3.0 < 7.3.31" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.4.0 < 7.4.24 Search vendor "Php" for product "Php" and version " >= 7.4.0 < 7.4.24" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 8.0.0 < 8.0.11 Search vendor "Php" for product "Php" and version " >= 8.0.0 < 8.0.11" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|