Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities by rikyoz
CVE-2026-45380 (GCVE-0-2026-45380)
Vulnerability from cvelistv5 – Published: 2026-06-10 20:00 – Updated: 2026-06-11 14:13
VLAI
Title
bit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymlink()`
Summary
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform, creates a symlink escaping the intended output directory. Subsequent archive entries extracted through this symlink write arbitrary files outside the extraction directory with the permissions of the extracting process. This issue has been patched in version 4.0.12.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/rikyoz/bit7z/security/advisori… | x_refsource_CONFIRM |
| https://github.com/rikyoz/bit7z/releases/tag/v4.0.12 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45380",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T14:12:55.595820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T14:13:00.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/rikyoz/bit7z/security/advisories/GHSA-8wj8-9jwv-j24v"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bit7z",
"vendor": "rikyoz",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform, creates a symlink escaping the intended output directory. Subsequent archive entries extracted through this symlink write arbitrary files outside the extraction directory with the permissions of the extracting process. This issue has been patched in version 4.0.12."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193: Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T20:00:24.177Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rikyoz/bit7z/security/advisories/GHSA-8wj8-9jwv-j24v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rikyoz/bit7z/security/advisories/GHSA-8wj8-9jwv-j24v"
},
{
"name": "https://github.com/rikyoz/bit7z/releases/tag/v4.0.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rikyoz/bit7z/releases/tag/v4.0.12"
}
],
"source": {
"advisory": "GHSA-8wj8-9jwv-j24v",
"discovery": "UNKNOWN"
},
"title": "bit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymlink()`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45380",
"datePublished": "2026-06-10T20:00:24.177Z",
"dateReserved": "2026-05-12T00:51:29.086Z",
"dateUpdated": "2026-06-11T14:13:00.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45384 (GCVE-0-2026-45384)
Vulnerability from cvelistv5 – Published: 2026-06-10 20:00 – Updated: 2026-06-11 13:38
VLAI
Title
bit7z: Arbitrary File Overwrite via Symlink Attack on Predictable Temp File During Archive Update
Summary
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12.
Severity
6.1 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/rikyoz/bit7z/security/advisori… | x_refsource_CONFIRM |
| https://github.com/rikyoz/bit7z/releases/tag/v4.0.12 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45384",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T13:38:29.357196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T13:38:43.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/rikyoz/bit7z/security/advisories/GHSA-wjch-42rm-q53h"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bit7z",
"vendor": "rikyoz",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-377",
"description": "CWE-377: Insecure Temporary File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T20:00:19.899Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rikyoz/bit7z/security/advisories/GHSA-wjch-42rm-q53h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rikyoz/bit7z/security/advisories/GHSA-wjch-42rm-q53h"
},
{
"name": "https://github.com/rikyoz/bit7z/releases/tag/v4.0.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rikyoz/bit7z/releases/tag/v4.0.12"
}
],
"source": {
"advisory": "GHSA-wjch-42rm-q53h",
"discovery": "UNKNOWN"
},
"title": "bit7z: Arbitrary File Overwrite via Symlink Attack on Predictable Temp File During Archive Update"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45384",
"datePublished": "2026-06-10T20:00:19.899Z",
"dateReserved": "2026-05-12T00:51:29.087Z",
"dateUpdated": "2026-06-11T13:38:43.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27117 (GCVE-0-2026-27117)
Vulnerability from cvelistv5 – Published: 2026-02-24 21:46 – Updated: 2026-02-26 21:33
VLAI
Title
bit7z has a path traversal vulnerability
Summary
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.11, a path traversal vulnerability ("Zip Slip") exists in bit7z's archive extraction functionality. The library does not adequately validate file paths contained in archive entries, allowing files to be written outside the intended extraction directory through three distinct mechanisms: relative path traversal, absolute path traversal, and symbolic link traversal. An attacker can exploit this by providing a malicious archive to any application that uses bit7z to extract untrusted archives. Successful exploitation results in arbitrary file write with the privileges of the process performing the extraction. This could lead to overwriting of application binaries, configuration files, or other sensitive data. The vulnerability does not directly enable reading of file contents; the confidentiality impact is limited to the calling application's own behavior after extraction. However, applications that subsequently serve or display extracted files may face secondary confidentiality risks from attacker-created symlinks. Fixes have been released in version 4.0.11. If upgrading is not immediately possible, users can mitigate the vulnerability by validating each entry's destination path before writing. Other mitigations include running extraction with least privilege and extracting untrusted archives in a sandboxed directory.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/rikyoz/bit7z/security/advisori… | x_refsource_CONFIRM |
| https://github.com/rikyoz/bit7z/commit/31763da9a3… | x_refsource_MISC |
| https://github.com/rikyoz/bit7z/commit/9e020483ee… | x_refsource_MISC |
| https://github.com/rikyoz/bit7z/releases/tag/v4.0.11 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T21:06:49.015939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T21:33:40.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bit7z",
"vendor": "rikyoz",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.11, a path traversal vulnerability (\"Zip Slip\") exists in bit7z\u0027s archive extraction functionality. The library does not adequately validate file paths contained in archive entries, allowing files to be written outside the intended extraction directory through three distinct mechanisms: relative path traversal, absolute path traversal, and symbolic link traversal. An attacker can exploit this by providing a malicious archive to any application that uses bit7z to extract untrusted archives. Successful exploitation results in arbitrary file write with the privileges of the process performing the extraction. This could lead to overwriting of application binaries, configuration files, or other sensitive data. The vulnerability does not directly enable reading of file contents; the confidentiality impact is limited to the calling application\u0027s own behavior after extraction. However, applications that subsequently serve or display extracted files may face secondary confidentiality risks from attacker-created symlinks. Fixes have been released in version 4.0.11. If upgrading is not immediately possible, users can mitigate the vulnerability by validating each entry\u0027s destination path before writing. Other mitigations include running extraction with least privilege and extracting untrusted archives in a sandboxed directory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36: Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T21:46:12.714Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rikyoz/bit7z/security/advisories/GHSA-qvjh-hhw4-3gx9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rikyoz/bit7z/security/advisories/GHSA-qvjh-hhw4-3gx9"
},
{
"name": "https://github.com/rikyoz/bit7z/commit/31763da9a3e41a199c141c8d71f6c11de24b45cf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rikyoz/bit7z/commit/31763da9a3e41a199c141c8d71f6c11de24b45cf"
},
{
"name": "https://github.com/rikyoz/bit7z/commit/9e020483eefa5825ec9310b1d869933d4f77f969",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rikyoz/bit7z/commit/9e020483eefa5825ec9310b1d869933d4f77f969"
},
{
"name": "https://github.com/rikyoz/bit7z/releases/tag/v4.0.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rikyoz/bit7z/releases/tag/v4.0.11"
}
],
"source": {
"advisory": "GHSA-qvjh-hhw4-3gx9",
"discovery": "UNKNOWN"
},
"title": "bit7z has a path traversal vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27117",
"datePublished": "2026-02-24T21:46:12.714Z",
"dateReserved": "2026-02-17T18:42:27.043Z",
"dateUpdated": "2026-02-26T21:33:40.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}