CVE-2025-4748

Sažetak

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.

Reference

https://github.com/erlang/otp/pull/9941
https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc
https://www.erlang.org/doc/system/versions.html#order-of-versions
http://www.openwall.com/lists/oss-security/2025/06/16/5

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

16-06-2025 - 20:15

Objavljeno

16-06-2025 - 11:15