CVE-2019-16511 - OpenCVE

An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Firegiant	Wix Toolset

Configuration 1 [-]

cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/GitHubAssessments/CVE_Assessments_09_2019
https://github.com/wixtoolset/issues/issues/6075
https://wixtoolset.org/development/wips/6075-dtf-zip-slip/
https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-19T15:54:04

Updated: 2024-08-05T01:17:40.836Z

Reserved: 2019-09-19T00:00:00

Link: CVE-2019-16511

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-09-19T16:15:11.777

Modified: 2019-11-04T18:15:12.280

Link: CVE-2019-16511

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-04T17:53:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/wixtoolset/issues/issues/6075"}, {"tags": ["x_refsource_MISC"], "url": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/GitHubAssessments/CVE_Assessments_09_2019"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16511", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/wixtoolset/issues/issues/6075", "refsource": "MISC", "url": "https://github.com/wixtoolset/issues/issues/6075"}, {"name": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/", "refsource": "MISC", "url": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/"}, {"name": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/", "refsource": "MISC", "url": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/"}, {"name": "https://github.com/GitHubAssessments/CVE_Assessments_09_2019", "refsource": "MISC", "url": "https://github.com/GitHubAssessments/CVE_Assessments_09_2019"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:17:40.836Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/wixtoolset/issues/issues/6075"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/GitHubAssessments/CVE_Assessments_09_2019"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16511", "datePublished": "2019-09-19T15:54:04", "dateReserved": "2019-09-19T00:00:00", "dateUpdated": "2024-08-05T01:17:40.836Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED50D663-0FAF-46D1-827C-A1D32AEFC98B", "versionEndExcluding": "3.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path."}, {"lang": "es", "value": "Se detect\u00f3 un problema en DTF en FireGiant WiX Toolset versiones anteriores a 3.11.2. Las bibliotecas Microsoft.Deployment.Compression.Cab.dll y Microsoft.Deployment.Compression.Zip.dll, permiten un salto de directorio durante la extracci\u00f3n de archivos CAB o ZIP, porque el nombre completo de un archivo (incluso con una secuencia ../) se concatena con la ruta de destino."}], "id": "CVE-2019-16511", "lastModified": "2019-11-04T18:15:12.280", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-19T16:15:11.777", "references": [{"source": "cve@mitre.org", "url": "https://github.com/GitHubAssessments/CVE_Assessments_09_2019"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/wixtoolset/issues/issues/6075"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}