CVE-2022-21675: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Konloch bytecode-viewer
Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (AKA "Zip Slip"). The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The Zip Slip vulnerability can affect numerous archive formats, including zip, jar, tar, war, cpio, apk, rar and 7z. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. The impact of a Zip Slip vulnerability would allow an attacker to create or overwrite existing files on the filesystem. In the context of a web application, a web shell could be placed within the application directory to achieve code execution. All users should upgrade to BCV v2.11.0 when possible to receive a patch. There are no recommended workarounds aside from upgrading.
AI Analysis
Technical Summary
CVE-2022-21675 is a path traversal vulnerability classified under CWE-22 affecting versions of the Konloch bytecode-viewer (BCV) prior to 2.11.0. BCV is a Java/Android reverse engineering suite that loads bytecode from archive formats such as jar, apk, war and zip. The flaw is in how BCV extracted those archives: entry names were joined onto the extraction directory without checking that the resulting path stayed inside it, so a specially crafted archive containing directory traversal sequences (e.g., ../../evil.exe) could create or overwrite arbitrary files on the victim's filesystem during extraction. This pattern is commonly called "Zip Slip" and is not specific to the zip container; the same mistake affects extraction of zip, jar, tar, war, cpio, apk, rar and 7z archives. Exploitation lets an attacker write or overwrite files with the privileges of the user running BCV, which can lead to code execution if the overwritten file is later executed, either manually by the user or automatically by the system (for example a startup script or a binary on the PATH). In a web application context the same primitive could be used to drop a web shell into the application directory, although BCV is normally run interactively by an analyst, so the realistic vector is an analyst loading an attacker-supplied sample. No authentication is required; the only user interaction is opening or extracting the malicious archive in a vulnerable BCV. The only effective remediation is upgrading BCV to version 2.11.0 or later, which canonicalizes extraction paths and rejects entries that escape the target directory. No alternative workarounds are recommended, and as of the information provided there are no known exploits in the wild targeting this vulnerability.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, especially for software development, reverse engineering and security research teams that use the Konloch bytecode-viewer, since those teams routinely open samples they did not produce. Successful exploitation yields an arbitrary file write, which an attacker can use to overwrite system or application files, implant malware, or establish a persistent backdoor, compromising the confidentiality, integrity and availability of the affected workstation. Where BCV's extraction code is embedded in automated workflows, CI/CD pipelines or a server-side service that processes untrusted archives, the write happens on shared infrastructure and the consequences can extend to data breaches, service disruption or lateral movement within the network. Although no active exploits are reported, crafting a traversal archive is trivial and the consequences of a file write are severe, so prompt action is warranted. The medium severity rating reflects the balance between the need for user interaction (opening or extracting the archive) and the high impact of arbitrary file writes and potential code execution.
Mitigation Recommendations
1. Immediately upgrade all instances of Konloch bytecode-viewer to version 2.11.0 or later to apply the official patch addressing the path traversal vulnerability.
2. Implement strict validation of archive contents before extraction: canonicalize each entry's destination path and verify it does not escape the intended directory.
3. Employ sandboxing or containerization for environments where BCV is used to limit the impact of potential exploitation.
4. Restrict the permissions of the user accounts running BCV to minimize their ability to overwrite critical system files.
5. Monitor file system changes in directories where archives are extracted, using file integrity monitoring tools to detect unauthorized modifications.
6. Educate users and administrators about the risks of extracting untrusted archives and enforce policies against processing archives from unverified sources.
7. Where possible, integrate automated scanning for malicious archive contents (traversal sequences, absolute paths) into the workflow before extraction.
8. Maintain up-to-date backups of critical systems and data to enable recovery in case of compromise.
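The following is an added example, written for this page; it is not BCV's code and not part of the advisory. It shows, in Python rather than BCV's Java, the extraction mistake described in the technical summary beside its hardened form, and the pre-extraction scan that mitigation items 2 and 7 ask for. The archive, entry names (classes/Hello.class, ../../evil.exe) and payload bytes are constructed inline for the demo. The containment check (resolve the joined path, then require it to be at or below the destination) is the same one a Java fix would do with getCanonicalPath.

```python
import io
import os
import shutil
import tempfile
import zipfile
from pathlib import Path


def build_zip(include_traversal: bool) -> bytes:
    """Constructed sample archive: one benign entry and, optionally, a Zip Slip entry.

    zipfile keeps the raw entry name when writing, so the traversal sequence
    survives into the archive exactly as an attacker's crafted entry would.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes/Hello.class", b"\xca\xfe\xba\xbe")  # fake class bytes (constructed)
        if include_traversal:
            zf.writestr("../../evil.exe", b"MZ fake payload")  # hostile entry (constructed)
    return buf.getvalue()


def _escapes(dest_real: Path, name: str) -> bool:
    # Resolve the would-be output path (following any symlinks already present
    # under dest) and require it to sit at or below dest. An absolute entry
    # name replaces dest entirely when joined, so it is rejected as well.
    target = (dest_real / name).resolve()
    return target != dest_real and dest_real not in target.parents


def find_traversal_entries(archive: bytes, dest: Path) -> list[str]:
    """Pre-extraction scan: entry names that would land outside dest."""
    dest_real = dest.resolve()
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [n for n in zf.namelist() if _escapes(dest_real, n)]


def unsafe_extract(archive: bytes, dest: Path) -> list[Path]:
    """The vulnerable pattern: trust the entry name, join it onto dest, write."""
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            out = Path(os.path.join(dest, info.filename))  # no containment check
            out.parent.mkdir(parents=True, exist_ok=True)
            out.write_bytes(zf.read(info))
            written.append(out.resolve())
    return written


def safe_extract(archive: bytes, dest: Path) -> list[Path]:
    """Hardened form: validate every entry first; write nothing unless all pass."""
    dest_real = dest.resolve()
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        bad = [i.filename for i in zf.infolist() if _escapes(dest_real, i.filename)]
        if bad:
            raise ValueError(f"entries escape {dest_real}: {bad}")
        written = []
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = (dest_real / info.filename).resolve()
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target)
    return written


def demo() -> dict:
    """Run the scan and both extractors in a throwaway temp tree; report what happened."""
    root = Path(tempfile.mkdtemp())
    try:
        # Two levels deep so the ../../ entry lands inside root, not on the real filesystem.
        dest = root / "work" / "out"
        dest.mkdir(parents=True)
        hostile, benign = build_zip(True), build_zip(False)
        flagged = find_traversal_entries(hostile, dest)
        escaped = sorted(p.name for p in unsafe_extract(hostile, dest)
                         if dest.resolve() not in p.parents)
        clean = root / "work" / "clean"
        clean.mkdir()
        try:
            safe_extract(hostile, clean)
            safe_error = None
        except ValueError as exc:
            safe_error = str(exc)
        safe_wrote_hostile = sorted(p.name for p in clean.rglob("*") if p.is_file())
        safe_wrote_benign = sorted(p.name for p in safe_extract(benign, clean))
        return {"flagged": flagged, "unsafe_escaped": escaped, "safe_error": safe_error,
                "safe_wrote_from_hostile": safe_wrote_hostile,
                "safe_wrote_from_benign": safe_wrote_benign}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that Python's own ZipFile.extract() strips ".." components, which is why the vulnerable loop here opens entries by hand; hand-rolled extraction loops of exactly that shape are where Zip Slip bugs live in any language. The hardened extractor checks all entries before writing any, so a hostile archive never leaves a half-extracted tree behind.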
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2021-11-16T00:00:00.000Z
- Cisa Enriched: true
Threat ID: 682d9842c4522896dcbf2274
Added to database: 5/21/2025, 9:09:22 AM
Last enriched: 6/23/2025, 6:33:02 PM
Last updated: 8/16/2025, 11:21:14 PM