schollz/croc

schollz/croc

Releases189

Frequency2 weeks 2 days

Last Release about 1 month ago

Stars35.4K

Easily and securely send things from one computer to another :crocodile: :package:

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-43616 ↗	Sep 20, 2023Wednesday, 20 September 2023, 06:15	5.5 MEDIUM	—
An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction.
CVE-2023-43617 ↗	Sep 20, 2023Wednesday, 20 September 2023, 06:15	5.3 MEDIUM	—
An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name.
CVE-2023-43618 ↗	Sep 20, 2023Wednesday, 20 September 2023, 06:15	5.3 MEDIUM	—
An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message.
CVE-2023-43619 ↗	Sep 20, 2023Wednesday, 20 September 2023, 06:15	7.8 HIGH	—
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file.
CVE-2023-43620 ↗	Sep 20, 2023Wednesday, 20 September 2023, 06:15	7.8 HIGH	—
An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver.
CVE-2023-43621 ↗	Sep 20, 2023Wednesday, 20 September 2023, 06:15	4.7 MEDIUM	—
An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments.