- Home
- CVEs with nessus.description==This update for unzip fixes the following security issues :
CVE-2014-9913: Specially crafted zip files could trigger invalid
memory writes possibly resulting in DoS or corruption (bsc#1013993)
CVE-2015-7696: Specially crafted zip files with password protection
could trigger a crash and lead to denial of service (bsc#950110)
CVE-2015-7697: Specially crafted zip files could trigger an endless
loop and lead to denial of service (bsc#950111)
CVE-2016-9844: Specially crafted zip files could trigger invalid
memory writes possibly resulting in DoS or corruption (bsc#1013992)
CVE-2018-1000035: Prevent heap-based buffer overflow in the processing
of password-protected archives that allowed an attacker to perform a
denial of service or to possibly achieve code execution (bsc#1080074).
CVE-2014-9636: Prevent denial of service (out-of-bounds read or write
and crash) via an extra field with an uncompressed size smaller than
the compressed field size in a zip archive that advertises STORED
method compression (bsc#914442).
The update package also includes non-security fixes. See advisory for
details.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top