CVE-2018-1000035 - A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-

CVE-2018-1000035

Summary

A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.

References

Vulnerable Configurations

cpe:2.3:a:unzip_project:unzip:5.51:*:*:*:*:*:*:*
cpe:2.3:a:unzip_project:unzip:5.51:*:*:*:*:*:*:*
cpe:2.3:a:unzip_project:unzip:5.52:*:*:*:*:*:*:*
cpe:2.3:a:unzip_project:unzip:5.52:*:*:*:*:*:*:*
cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*
cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

gentoo	GLSA-202003-58
misc	https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
mlist	[debian-lts-announce] 20200128 [SECURITY] [DLA 2082-1] unzip security update

Last major update

24-08-2020 - 17:37

Published

09-02-2018 - 23:29

Last modified

24-08-2020 - 17:37