Szafirhost
Monthly
Remote code execution in SzafirHost (KIR's Szafir electronic-signature host application) arises from a ZIP/JAR parser-confusion flaw: signature verification reads the archive's Central Directory while extraction reads local file headers sequentially, letting an attacker who controls the served native-library archive smuggle an unsigned malicious DLL/SO/DYLIB past the signature check. Versions prior to 1.2.2 are affected; the injected library is written to the native temp directory and loaded, yielding code execution on the victim's machine. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Remote code execution in SzafirHost before 1.2.1 allows unauthenticated attackers to bypass JAR signature verification through a ZIP file smuggling technique. The vulnerability exploits a discrepancy between verification logic (JarInputStream reading from file beginning) and class loading (JarFile/URLClassLoader reading Central Directory from file end), enabling attackers to combine a legitimately signed JAR with malicious classes. CERT-PL confirmed this vulnerability, and the vendor released patch version 1.2.1. EPSS data not available, not listed in CISA KEV, requiring user interaction (UI:A) for exploitation.
Remote code execution in SzafirHost (KIR's Szafir electronic-signature host application) arises from a ZIP/JAR parser-confusion flaw: signature verification reads the archive's Central Directory while extraction reads local file headers sequentially, letting an attacker who controls the served native-library archive smuggle an unsigned malicious DLL/SO/DYLIB past the signature check. Versions prior to 1.2.2 are affected; the injected library is written to the native temp directory and loaded, yielding code execution on the victim's machine. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Remote code execution in SzafirHost before 1.2.1 allows unauthenticated attackers to bypass JAR signature verification through a ZIP file smuggling technique. The vulnerability exploits a discrepancy between verification logic (JarInputStream reading from file beginning) and class loading (JarFile/URLClassLoader reading Central Directory from file end), enabling attackers to combine a legitimately signed JAR with malicious classes. CERT-PL confirmed this vulnerability, and the vendor released patch version 1.2.1. EPSS data not available, not listed in CISA KEV, requiring user interaction (UI:A) for exploitation.