Bit7z
Monthly
Arbitrary file overwrite in bit7z prior to version 4.0.12 is possible through a symlink attack targeting the predictable temporary file (`<archive_path>.tmp`) created during archive update operations. An attacker with write access to the archive directory can pre-place a symlink at that path pointing to a sensitive target file; when a process subsequently calls bit7z to update an archive, the library follows the symlink and overwrites the target with archive data. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though its low-complexity prerequisites on POSIX systems make it a meaningful risk in shared-directory or multi-tenant environments.
Bit7z versions prior to 4.0.11 contain a path traversal vulnerability that allows arbitrary file writes outside the intended extraction directory when processing malicious archives through relative paths, absolute paths, or symbolic links. Applications using bit7z to extract untrusted archives are affected, enabling attackers to overwrite critical files with the privileges of the extraction process. Public exploit code exists for this vulnerability.
Arbitrary file overwrite in bit7z prior to version 4.0.12 is possible through a symlink attack targeting the predictable temporary file (`<archive_path>.tmp`) created during archive update operations. An attacker with write access to the archive directory can pre-place a symlink at that path pointing to a sensitive target file; when a process subsequently calls bit7z to update an archive, the library follows the symlink and overwrites the target with archive data. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though its low-complexity prerequisites on POSIX systems make it a meaningful risk in shared-directory or multi-tenant environments.
Bit7z versions prior to 4.0.11 contain a path traversal vulnerability that allows arbitrary file writes outside the intended extraction directory when processing malicious archives through relative paths, absolute paths, or symbolic links. Applications using bit7z to extract untrusted archives are affected, enabling attackers to overwrite critical files with the privileges of the extraction process. Public exploit code exists for this vulnerability.