CVE-2019-16511 - OpenCVE

An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Firegiant	Wix Toolset

Configuration 1 [-]

cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/GitHubAssessments/CVE_Assessments_09_2019
https://github.com/wixtoolset/issues/issues/6075	Patch Third Party Advisory
https://wixtoolset.org/development/wips/6075-dtf-zip-slip/	Third Party Advisory
https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-19T15:54:04

Updated: 2019-11-04T17:53:06

Reserved: 2019-09-19T00:00:00

Link: CVE-2019-16511

JSON object: View

NVD Information

Status : Modified

Published: 2019-09-19T16:15:11.777

Modified: 2019-11-04T18:15:12.280

Link: CVE-2019-16511

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-04T17:53:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/wixtoolset/issues/issues/6075"}, {"tags": ["x_refsource_MISC"], "url": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/GitHubAssessments/CVE_Assessments_09_2019"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16511", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/wixtoolset/issues/issues/6075", "refsource": "MISC", "url": "https://github.com/wixtoolset/issues/issues/6075"}, {"name": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/", "refsource": "MISC", "url": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/"}, {"name": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/", "refsource": "MISC", "url": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/"}, {"name": "https://github.com/GitHubAssessments/CVE_Assessments_09_2019", "refsource": "MISC", "url": "https://github.com/GitHubAssessments/CVE_Assessments_09_2019"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16511", "datePublished": "2019-09-19T15:54:04", "dateReserved": "2019-09-19T00:00:00", "dateUpdated": "2019-11-04T17:53:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED50D663-0FAF-46D1-827C-A1D32AEFC98B", "versionEndExcluding": "3.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path."}, {"lang": "es", "value": "Se detect\u00f3 un problema en DTF en FireGiant WiX Toolset versiones anteriores a 3.11.2. Las bibliotecas Microsoft.Deployment.Compression.Cab.dll y Microsoft.Deployment.Compression.Zip.dll, permiten un salto de directorio durante la extracci\u00f3n de archivos CAB o ZIP, porque el nombre completo de un archivo (incluso con una secuencia ../) se concatena con la ruta de destino."}], "id": "CVE-2019-16511", "lastModified": "2019-11-04T18:15:12.280", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-19T16:15:11.777", "references": [{"source": "cve@mitre.org", "url": "https://github.com/GitHubAssessments/CVE_Assessments_09_2019"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/wixtoolset/issues/issues/6075"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}