CVE-2026-45384
MEDIUM
6,1
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: low
Description
AI Translation Available
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0001
Percentile
0,0th
Updated
EPSS Score Trend (Last 4 Days)
59
Improper Link Resolution Before File Access ('Link Following')
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Access Control
Other
Potential Impacts:
Read Files Or Directories
Modify Files Or Directories
Bypass Protection Mechanism
Execute Unauthorized Code Or Commands
Applicable Platforms
Operating Systems:
Windows, Unix
377
Insecure Temporary File
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Potential Impacts:
Read Files Or Directories
Modify Files Or Directories
Applicable Platforms
All platforms may be affected
https://github.com/rikyoz/bit7z/security/advisories/GHSA-wjch-42rm-q53h
https://github.com/rikyoz/bit7z/releases/tag/v4.0.12
https://github.com/rikyoz/bit7z/security/advisories/GHSA-wjch-42rm-q53h