Vulnerabilites related to unzip_project - unzip
cve-2014-8141
Vulnerability from cvelistv5
Published
2020-01-31 22:08
Modified
2024-08-06 13:10
Severity ?
Summary
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Impacted products
Vendor Product Version
Info-ZIP UnZip Version: 6.0 and earlier
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:10:50.905Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.ocert.org/advisories/ocert-2014-011.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2015:0700",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1174856",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1031433",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "UnZip",
               vendor: "Info-ZIP",
               versions: [
                  {
                     status: "affected",
                     version: "6.0 and earlier",
                  },
               ],
            },
         ],
         datePublic: "2014-12-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Buffer Overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-31T22:08:18",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.ocert.org/advisories/ocert-2014-011.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/errata/RHSA-2015:0700",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1174856",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securitytracker.com/id/1031433",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-8141",
      datePublished: "2020-01-31T22:08:18",
      dateReserved: "2014-10-10T00:00:00",
      dateUpdated: "2024-08-06T13:10:50.905Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-8140
Vulnerability from cvelistv5
Published
2020-01-31 22:00
Modified
2024-08-06 13:10
Severity ?
Summary
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Impacted products
Vendor Product Version
Info-ZIP UnZip Version: 6.0 and earlier
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:10:50.891Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.ocert.org/advisories/ocert-2014-011.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2015:0700",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1174851",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1031433",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "UnZip",
               vendor: "Info-ZIP",
               versions: [
                  {
                     status: "affected",
                     version: "6.0 and earlier",
                  },
               ],
            },
         ],
         datePublic: "2014-12-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Buffer Overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-31T22:00:32",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.ocert.org/advisories/ocert-2014-011.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/errata/RHSA-2015:0700",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1174851",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securitytracker.com/id/1031433",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-8140",
      datePublished: "2020-01-31T22:00:32",
      dateReserved: "2014-10-10T00:00:00",
      dateUpdated: "2024-08-06T13:10:50.891Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-9844
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 02:59
Severity ?
Summary
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T02:59:03.461Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "94728",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/94728",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
               },
               {
                  name: "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/12/05/19",
               },
               {
                  name: "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/12/05/13",
               },
               {
                  name: "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/12/05/20",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-12-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-01-19T10:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "94728",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/94728",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
            },
            {
               name: "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/12/05/19",
            },
            {
               name: "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/12/05/13",
            },
            {
               name: "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/12/05/20",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-9844",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "94728",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/94728",
                  },
                  {
                     name: "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
                     refsource: "CONFIRM",
                     url: "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
                  },
                  {
                     name: "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/12/05/19",
                  },
                  {
                     name: "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/12/05/13",
                  },
                  {
                     name: "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/12/05/20",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-9844",
      datePublished: "2017-01-18T17:00:00",
      dateReserved: "2016-12-05T00:00:00",
      dateUpdated: "2024-08-06T02:59:03.461Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-7696
Vulnerability from cvelistv5
Published
2015-11-06 18:00
Modified
2024-08-06 07:58
Severity ?
Summary
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.
References
http://www.ubuntu.com/usn/USN-2788-2vendor-advisory, x_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2015/09/07/4mailing-list, x_refsource_MLIST
http://www.debian.org/security/2015/dsa-3386vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1034027vdb-entry, x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-2788-1vendor-advisory, x_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2015/09/21/6mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2015/09/15/6mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/76863vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2015/10/11/5mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T07:58:59.891Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "USN-2788-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2788-2",
               },
               {
                  name: "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/09/07/4",
               },
               {
                  name: "DSA-3386",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2015/dsa-3386",
               },
               {
                  name: "1034027",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1034027",
               },
               {
                  name: "USN-2788-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2788-1",
               },
               {
                  name: "[oss-security] 20150921 Re: Heap overflow and DoS in unzip 6.0",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/09/21/6",
               },
               {
                  name: "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/09/15/6",
               },
               {
                  name: "76863",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/76863",
               },
               {
                  name: "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/10/11/5",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-09-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-05T22:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "USN-2788-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2788-2",
            },
            {
               name: "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/09/07/4",
            },
            {
               name: "DSA-3386",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2015/dsa-3386",
            },
            {
               name: "1034027",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1034027",
            },
            {
               name: "USN-2788-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2788-1",
            },
            {
               name: "[oss-security] 20150921 Re: Heap overflow and DoS in unzip 6.0",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/09/21/6",
            },
            {
               name: "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/09/15/6",
            },
            {
               name: "76863",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/76863",
            },
            {
               name: "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/10/11/5",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2015-7696",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "USN-2788-2",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2788-2",
                  },
                  {
                     name: "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/09/07/4",
                  },
                  {
                     name: "DSA-3386",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2015/dsa-3386",
                  },
                  {
                     name: "1034027",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1034027",
                  },
                  {
                     name: "USN-2788-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2788-1",
                  },
                  {
                     name: "[oss-security] 20150921 Re: Heap overflow and DoS in unzip 6.0",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/09/21/6",
                  },
                  {
                     name: "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/09/15/6",
                  },
                  {
                     name: "76863",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/76863",
                  },
                  {
                     name: "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/10/11/5",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2015-7696",
      datePublished: "2015-11-06T18:00:00",
      dateReserved: "2015-10-04T00:00:00",
      dateUpdated: "2024-08-06T07:58:59.891Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-8139
Vulnerability from cvelistv5
Published
2020-01-31 22:00
Modified
2024-08-06 13:10
Severity ?
Summary
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Impacted products
Vendor Product Version
Info-ZIP UnZip Version: 6.0 and earlier
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:10:51.008Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.ocert.org/advisories/ocert-2014-011.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2015:0700",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1174844",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1031433",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "UnZip",
               vendor: "Info-ZIP",
               versions: [
                  {
                     status: "affected",
                     version: "6.0 and earlier",
                  },
               ],
            },
         ],
         datePublic: "2014-12-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Buffer Overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-31T22:00:28",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.ocert.org/advisories/ocert-2014-011.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/errata/RHSA-2015:0700",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1174844",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securitytracker.com/id/1031433",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-8139",
      datePublished: "2020-01-31T22:00:28",
      dateReserved: "2014-10-10T00:00:00",
      dateUpdated: "2024-08-06T13:10:51.008Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0529
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-02 23:32
Severity ?
Summary
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
Impacted products
Vendor Product Version
n/a unzip Version: 6.0
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:32:46.417Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2051395",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/ByteHackr/unzip_poc",
               },
               {
                  name: "DSA-5202",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5202",
               },
               {
                  name: "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202310-17",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "unzip",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "6.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "SEGV",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-09-22T18:06:04",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2051395",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/ByteHackr/unzip_poc",
            },
            {
               name: "DSA-5202",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5202",
            },
            {
               name: "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html",
            },
            {
               url: "https://security.gentoo.org/glsa/202310-17",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2022-0529",
      datePublished: "2022-02-09T22:05:51",
      dateReserved: "2022-02-08T00:00:00",
      dateUpdated: "2024-08-02T23:32:46.417Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0530
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-02 23:32
Severity ?
Summary
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
Impacted products
Vendor Product Version
n/a unzip Version: 6.0
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:32:46.404Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2051395",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/ByteHackr/unzip_poc",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213257",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213256",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213255",
               },
               {
                  name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/May/33",
               },
               {
                  name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/May/35",
               },
               {
                  name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/May/38",
               },
               {
                  name: "DSA-5202",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5202",
               },
               {
                  name: "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202310-17",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "unzip",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "6.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "SEGV",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-09-22T18:06:03",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2051395",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/ByteHackr/unzip_poc",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213257",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213256",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT213255",
            },
            {
               name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/May/33",
            },
            {
               name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/May/35",
            },
            {
               name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/May/38",
            },
            {
               name: "DSA-5202",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5202",
            },
            {
               name: "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html",
            },
            {
               url: "https://security.gentoo.org/glsa/202310-17",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2022-0530",
      datePublished: "2022-02-09T22:05:50",
      dateReserved: "2022-02-08T00:00:00",
      dateUpdated: "2024-08-02T23:32:46.404Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-13232
Vulnerability from cvelistv5
Published
2019-07-04 12:03
Modified
2024-08-04 23:49
Severity ?
Summary
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T23:49:23.565Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.bamsoftware.com/hacks/zipbomb/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/madler/unzip",
               },
               {
                  name: "[debian-lts-announce] 20190707 [SECURITY] [DLA 1846-1] unzip security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html",
               },
               {
                  name: "[debian-lts-announce] 20190728 [SECURITY] [DLA 1846-2] unzip regression update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20190814-0002/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.f5.com/csp/article/K80311892?utm_source=f5support&amp%3Butm_medium=RSS",
               },
               {
                  name: "GLSA-202003-58",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202003-58",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a \"better zip bomb\" issue.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-26T19:06:04",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.bamsoftware.com/hacks/zipbomb/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/madler/unzip",
            },
            {
               name: "[debian-lts-announce] 20190707 [SECURITY] [DLA 1846-1] unzip security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html",
            },
            {
               name: "[debian-lts-announce] 20190728 [SECURITY] [DLA 1846-2] unzip regression update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20190814-0002/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.f5.com/csp/article/K80311892?utm_source=f5support&amp%3Butm_medium=RSS",
            },
            {
               name: "GLSA-202003-58",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202003-58",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-13232",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a \"better zip bomb\" issue.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.bamsoftware.com/hacks/zipbomb/",
                     refsource: "MISC",
                     url: "https://www.bamsoftware.com/hacks/zipbomb/",
                  },
                  {
                     name: "https://github.com/madler/unzip",
                     refsource: "MISC",
                     url: "https://github.com/madler/unzip",
                  },
                  {
                     name: "[debian-lts-announce] 20190707 [SECURITY] [DLA 1846-1] unzip security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html",
                  },
                  {
                     name: "[debian-lts-announce] 20190728 [SECURITY] [DLA 1846-2] unzip regression update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20190814-0002/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20190814-0002/",
                  },
                  {
                     name: "https://support.f5.com/csp/article/K80311892?utm_source=f5support&utm_medium=RSS",
                     refsource: "CONFIRM",
                     url: "https://support.f5.com/csp/article/K80311892?utm_source=f5support&utm_medium=RSS",
                  },
                  {
                     name: "GLSA-202003-58",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202003-58",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-13232",
      datePublished: "2019-07-04T12:03:06",
      dateReserved: "2019-07-04T00:00:00",
      dateUpdated: "2024-08-04T23:49:23.565Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-36561
Vulnerability from cvelistv5
Published
2022-12-27 21:13
Modified
2024-08-04 17:30
Severity ?
Summary
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Impacted products
Vendor Product Version
github.com/yi-ge/unzip github.com/yi-ge/unzip Version: 0   
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T17:30:08.435Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/yi-ge/unzip/pull/1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://snyk.io/research/zip-slip-vulnerability",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://pkg.go.dev/vuln/GO-2020-0035",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://pkg.go.dev",
               defaultStatus: "unaffected",
               packageName: "github.com/yi-ge/unzip",
               product: "github.com/yi-ge/unzip",
               programRoutines: [
                  {
                     name: "Unzip.Extract",
                  },
               ],
               vendor: "github.com/yi-ge/unzip",
               versions: [
                  {
                     lessThan: "1.0.3-0.20200308084313-2adbaa4891b9",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "CWE 29: Path Traversal: \"\\..\\filename\"",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-06-12T19:03:53.400Z",
            orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc",
            shortName: "Go",
         },
         references: [
            {
               url: "https://github.com/yi-ge/unzip/pull/1",
            },
            {
               url: "https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73",
            },
            {
               url: "https://snyk.io/research/zip-slip-vulnerability",
            },
            {
               url: "https://pkg.go.dev/vuln/GO-2020-0035",
            },
         ],
         title: "Path traversal in github.com/yi-ge/unzip",
      },
   },
   cveMetadata: {
      assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc",
      assignerShortName: "Go",
      cveId: "CVE-2020-36561",
      datePublished: "2022-12-27T21:13:22.650Z",
      dateReserved: "2022-07-29T17:07:52.749Z",
      dateUpdated: "2024-08-04T17:30:08.435Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-9913
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 14:02
Severity ?
Summary
Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:02:36.717Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "95081",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/95081",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
               },
               {
                  name: "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/12/05/19",
               },
               {
                  name: "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/12/05/13",
               },
               {
                  name: "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/12/05/20",
               },
               {
                  name: "[oss-security] 20141103 unzip -l crasher",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2014/11/03/5",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-11-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-01-19T10:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "95081",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/95081",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
            },
            {
               name: "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/12/05/19",
            },
            {
               name: "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/12/05/13",
            },
            {
               name: "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/12/05/20",
            },
            {
               name: "[oss-security] 20141103 unzip -l crasher",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2014/11/03/5",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-9913",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "95081",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/95081",
                  },
                  {
                     name: "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
                     refsource: "CONFIRM",
                     url: "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
                  },
                  {
                     name: "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/12/05/19",
                  },
                  {
                     name: "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/12/05/13",
                  },
                  {
                     name: "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/12/05/20",
                  },
                  {
                     name: "[oss-security] 20141103 unzip -l crasher",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2014/11/03/5",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-9913",
      datePublished: "2017-01-18T17:00:00",
      dateReserved: "2016-12-05T00:00:00",
      dateUpdated: "2024-08-06T14:02:36.717Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-1000035
Vulnerability from cvelistv5
Published
2018-02-09 23:00
Modified
2024-08-05 12:33
Severity ?
Summary
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T12:33:48.718Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html",
               },
               {
                  name: "[debian-lts-announce] 20200128 [SECURITY] [DLA 2082-1] unzip security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html",
               },
               {
                  name: "GLSA-202003-58",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202003-58",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         dateAssigned: "2018-02-01T00:00:00",
         datePublic: "2018-02-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-26T19:06:03",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html",
            },
            {
               name: "[debian-lts-announce] 20200128 [SECURITY] [DLA 2082-1] unzip security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html",
            },
            {
               name: "GLSA-202003-58",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202003-58",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               DATE_ASSIGNED: "2018-02-01 0:00:00",
               ID: "CVE-2018-1000035",
               REQUESTER: "research@sec-consult.com",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html",
                     refsource: "MISC",
                     url: "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html",
                  },
                  {
                     name: "[debian-lts-announce] 20200128 [SECURITY] [DLA 2082-1] unzip security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html",
                  },
                  {
                     name: "GLSA-202003-58",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202003-58",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-1000035",
      datePublished: "2018-02-09T23:00:00",
      dateReserved: "2018-02-02T00:00:00",
      dateUpdated: "2024-08-05T12:33:48.718Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-7697
Vulnerability from cvelistv5
Published
2015-11-06 18:00
Modified
2024-08-06 07:58
Severity ?
Summary
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.
References
http://www.ubuntu.com/usn/USN-2788-2vendor-advisory, x_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2015/09/07/4mailing-list, x_refsource_MLIST
http://www.debian.org/security/2015/dsa-3386vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1034027vdb-entry, x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-2788-1vendor-advisory, x_refsource_UBUNTU
http://sourceforge.net/p/infozip/patches/23/x_refsource_MISC
http://www.openwall.com/lists/oss-security/2015/09/15/6mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/76863vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2015/10/11/5mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T07:58:59.903Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "USN-2788-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2788-2",
               },
               {
                  name: "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/09/07/4",
               },
               {
                  name: "DSA-3386",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2015/dsa-3386",
               },
               {
                  name: "1034027",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1034027",
               },
               {
                  name: "USN-2788-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2788-1",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://sourceforge.net/p/infozip/patches/23/",
               },
               {
                  name: "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/09/15/6",
               },
               {
                  name: "76863",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/76863",
               },
               {
                  name: "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/10/11/5",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-09-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-05T22:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "USN-2788-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2788-2",
            },
            {
               name: "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/09/07/4",
            },
            {
               name: "DSA-3386",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2015/dsa-3386",
            },
            {
               name: "1034027",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1034027",
            },
            {
               name: "USN-2788-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2788-1",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://sourceforge.net/p/infozip/patches/23/",
            },
            {
               name: "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/09/15/6",
            },
            {
               name: "76863",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/76863",
            },
            {
               name: "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/10/11/5",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2015-7697",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "USN-2788-2",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2788-2",
                  },
                  {
                     name: "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/09/07/4",
                  },
                  {
                     name: "DSA-3386",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2015/dsa-3386",
                  },
                  {
                     name: "1034027",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1034027",
                  },
                  {
                     name: "USN-2788-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2788-1",
                  },
                  {
                     name: "http://sourceforge.net/p/infozip/patches/23/",
                     refsource: "MISC",
                     url: "http://sourceforge.net/p/infozip/patches/23/",
                  },
                  {
                     name: "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/09/15/6",
                  },
                  {
                     name: "76863",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/76863",
                  },
                  {
                     name: "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/10/11/5",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2015-7697",
      datePublished: "2015-11-06T18:00:00",
      dateReserved: "2015-10-04T00:00:00",
      dateUpdated: "2024-08-06T07:58:59.903Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-9636
Vulnerability from cvelistv5
Published
2015-02-06 15:00
Modified
2024-08-06 13:47
Severity ?
Summary
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
References
http://seclists.org/oss-sec/2014/q4/1131mailing-list, x_refsource_MLIST
http://secunia.com/advisories/62738third-party-advisory, x_refsource_SECUNIA
https://security.gentoo.org/glsa/201611-01vendor-advisory, x_refsource_GENTOO
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/62751third-party-advisory, x_refsource_SECUNIA
http://seclists.org/oss-sec/2015/q1/216mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/71825vdb-entry, x_refsource_BID
http://www.ubuntu.com/usn/USN-2489-1vendor-advisory, x_refsource_UBUNTU
http://www.debian.org/security/2015/dsa-3152vendor-advisory, x_refsource_DEBIAN
http://seclists.org/oss-sec/2014/q4/489mailing-list, x_refsource_MLIST
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlx_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.htmlvendor-advisory, x_refsource_FEDORA
http://seclists.org/oss-sec/2014/q4/496mailing-list, x_refsource_MLIST
http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:47:41.812Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/oss-sec/2014/q4/1131",
               },
               {
                  name: "62738",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/62738",
               },
               {
                  name: "GLSA-201611-01",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201611-01",
               },
               {
                  name: "FEDORA-2015-1267",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html",
               },
               {
                  name: "62751",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/62751",
               },
               {
                  name: "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/oss-sec/2015/q1/216",
               },
               {
                  name: "71825",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/71825",
               },
               {
                  name: "USN-2489-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2489-1",
               },
               {
                  name: "DSA-3152",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2015/dsa-3152",
               },
               {
                  name: "[oss-security] 20141102 unzip -t crasher",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/oss-sec/2014/q4/489",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
               },
               {
                  name: "FEDORA-2015-1189",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html",
               },
               {
                  name: "[oss-security] 20141103 Re: unzip -t crasher",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/oss-sec/2014/q4/496",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-11-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-06-30T16:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://seclists.org/oss-sec/2014/q4/1131",
            },
            {
               name: "62738",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/62738",
            },
            {
               name: "GLSA-201611-01",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201611-01",
            },
            {
               name: "FEDORA-2015-1267",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html",
            },
            {
               name: "62751",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/62751",
            },
            {
               name: "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://seclists.org/oss-sec/2015/q1/216",
            },
            {
               name: "71825",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/71825",
            },
            {
               name: "USN-2489-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2489-1",
            },
            {
               name: "DSA-3152",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2015/dsa-3152",
            },
            {
               name: "[oss-security] 20141102 unzip -t crasher",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://seclists.org/oss-sec/2014/q4/489",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
            },
            {
               name: "FEDORA-2015-1189",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html",
            },
            {
               name: "[oss-security] 20141103 Re: unzip -t crasher",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://seclists.org/oss-sec/2014/q4/496",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-9636",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
                     refsource: "MLIST",
                     url: "http://seclists.org/oss-sec/2014/q4/1131",
                  },
                  {
                     name: "62738",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/62738",
                  },
                  {
                     name: "GLSA-201611-01",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201611-01",
                  },
                  {
                     name: "FEDORA-2015-1267",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html",
                  },
                  {
                     name: "62751",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/62751",
                  },
                  {
                     name: "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
                     refsource: "MLIST",
                     url: "http://seclists.org/oss-sec/2015/q1/216",
                  },
                  {
                     name: "71825",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/71825",
                  },
                  {
                     name: "USN-2489-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2489-1",
                  },
                  {
                     name: "DSA-3152",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2015/dsa-3152",
                  },
                  {
                     name: "[oss-security] 20141102 unzip -t crasher",
                     refsource: "MLIST",
                     url: "http://seclists.org/oss-sec/2014/q4/489",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
                  },
                  {
                     name: "FEDORA-2015-1189",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html",
                  },
                  {
                     name: "[oss-security] 20141103 Re: unzip -t crasher",
                     refsource: "MLIST",
                     url: "http://seclists.org/oss-sec/2014/q4/496",
                  },
                  {
                     name: "http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450",
                     refsource: "CONFIRM",
                     url: "http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-9636",
      datePublished: "2015-02-06T15:00:00",
      dateReserved: "2015-01-22T00:00:00",
      dateUpdated: "2024-08-06T13:47:41.812Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-4217
Vulnerability from cvelistv5
Published
2022-08-24 15:08
Modified
2024-08-03 17:16
Severity ?
Summary
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
Impacted products
Vendor Product Version
n/a unzip Version: unzip 6.0
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:16:04.487Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044583",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2021-4217",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "unzip",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "unzip 6.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "CWE-476 - NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-24T15:08:43",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044583",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2021-4217",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-4217",
      datePublished: "2022-08-24T15:08:43",
      dateReserved: "2022-01-27T00:00:00",
      dateUpdated: "2024-08-03T17:16:04.487Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-18384
Vulnerability from cvelistv5
Published
2018-10-16 15:00
Modified
2024-08-05 11:08
Severity ?
Summary
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:08:21.792Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.suse.com/show_bug.cgi?id=1110194",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://sourceforge.net/p/infozip/bugs/53/",
               },
               {
                  name: "openSUSE-SU-2019:1117",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html",
               },
               {
                  name: "RHSA-2019:2159",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:2159",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-10-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-06T16:06:27",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.suse.com/show_bug.cgi?id=1110194",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://sourceforge.net/p/infozip/bugs/53/",
            },
            {
               name: "openSUSE-SU-2019:1117",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html",
            },
            {
               name: "RHSA-2019:2159",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:2159",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-18384",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.suse.com/show_bug.cgi?id=1110194",
                     refsource: "MISC",
                     url: "https://bugzilla.suse.com/show_bug.cgi?id=1110194",
                  },
                  {
                     name: "https://sourceforge.net/p/infozip/bugs/53/",
                     refsource: "MISC",
                     url: "https://sourceforge.net/p/infozip/bugs/53/",
                  },
                  {
                     name: "openSUSE-SU-2019:1117",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html",
                  },
                  {
                     name: "RHSA-2019:2159",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:2159",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-18384",
      datePublished: "2018-10-16T15:00:00",
      dateReserved: "2018-10-16T00:00:00",
      dateUpdated: "2024-08-05T11:08:21.792Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2015-02-06 15:59
Modified
2024-11-21 02:21
Severity ?
Summary
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
References
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html
cve@mitre.orghttp://seclists.org/oss-sec/2014/q4/1131
cve@mitre.orghttp://seclists.org/oss-sec/2014/q4/489
cve@mitre.orghttp://seclists.org/oss-sec/2014/q4/496
cve@mitre.orghttp://seclists.org/oss-sec/2015/q1/216
cve@mitre.orghttp://secunia.com/advisories/62738
cve@mitre.orghttp://secunia.com/advisories/62751
cve@mitre.orghttp://www.debian.org/security/2015/dsa-3152
cve@mitre.orghttp://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450Patch, Vendor Advisory
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
cve@mitre.orghttp://www.securityfocus.com/bid/71825
cve@mitre.orghttp://www.ubuntu.com/usn/USN-2489-1
cve@mitre.orghttps://security.gentoo.org/glsa/201611-01
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2014/q4/1131
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2014/q4/489
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2014/q4/496
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2015/q1/216
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/62738
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/62751
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3152
af854a3a-2127-422b-91ae-364da2661108http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/71825
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2489-1
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201611-01



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9BC86B-F353-4390-B288-B528BA8AA0A1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "49A63F39-30BE-443F-AF10-6245587D3359",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
                     matchCriteriaId: "56BDB5A0-0839-4A20-A003-B8CD56F48171",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.",
      },
      {
         lang: "es",
         value: "unzip 6.0 permite a atacantes remotos causar una denegación de servicio (lectura o escritura fuera de rango y caída) a través de un campo extra con un tamaño comprimido más pequeño que el tamaño del campo comprimido en un archivo zip que anuncia la compresión del método almacenado (STORED).",
      },
   ],
   id: "CVE-2014-9636",
   lastModified: "2024-11-21T02:21:18.103",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-02-06T15:59:06.757",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://seclists.org/oss-sec/2014/q4/1131",
      },
      {
         source: "cve@mitre.org",
         url: "http://seclists.org/oss-sec/2014/q4/489",
      },
      {
         source: "cve@mitre.org",
         url: "http://seclists.org/oss-sec/2014/q4/496",
      },
      {
         source: "cve@mitre.org",
         url: "http://seclists.org/oss-sec/2015/q1/216",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/62738",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/62751",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.debian.org/security/2015/dsa-3152",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/71825",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/USN-2489-1",
      },
      {
         source: "cve@mitre.org",
         url: "https://security.gentoo.org/glsa/201611-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/oss-sec/2014/q4/1131",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/oss-sec/2014/q4/489",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/oss-sec/2014/q4/496",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/oss-sec/2015/q1/216",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/62738",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/62751",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2015/dsa-3152",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/71825",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2489-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201611-01",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-08-24 16:15
Modified
2024-11-21 06:37
Summary
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9BC86B-F353-4390-B288-B528BA8AA0A1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.",
      },
      {
         lang: "es",
         value: "Se ha encontrado un fallo en unzip. La vulnerabilidad es producida debido a un manejo inapropiado de las cadenas Unicode, que puede conllevar a una desreferencia de puntero null. Este fallo permite a un atacante introducir un archivo zip especialmente diseñado, lo que conlleva a un fallo o la ejecución de código",
      },
   ],
   id: "CVE-2021-4217",
   lastModified: "2024-11-21T06:37:10.350",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "LOW",
               baseScore: 3.3,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-08-24T16:15:10.090",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2021-4217",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044583",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2021-4217",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044583",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-07-04 13:15
Modified
2024-11-21 04:24
Summary
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
Impacted products
Vendor Product Version
unzip_project unzip 6.0
debian debian_linux 8.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9BC86B-F353-4390-B288-B528BA8AA0A1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a \"better zip bomb\" issue.",
      },
      {
         lang: "es",
         value: "Info-ZIP UnZip versión 6.0 gestiona la superposición de archivos dentro de un contenedor ZIP, lo que lleva a la denegación de servicio (consumo de recursos), también conocido como un problema de \"mejor bomba zip\".",
      },
   ],
   id: "CVE-2019-13232",
   lastModified: "2024-11-21T04:24:29.980",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "LOW",
               baseScore: 3.3,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-07-04T13:15:10.750",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/madler/unzip",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202003-58",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190814-0002/",
      },
      {
         source: "cve@mitre.org",
         url: "https://support.f5.com/csp/article/K80311892?utm_source=f5support&amp%3Butm_medium=RSS",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.bamsoftware.com/hacks/zipbomb/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/madler/unzip",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202003-58",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190814-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://support.f5.com/csp/article/K80311892?utm_source=f5support&amp%3Butm_medium=RSS",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.bamsoftware.com/hacks/zipbomb/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-01-18 17:59
Modified
2024-11-21 02:21
Summary
Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.
Impacted products
Vendor Product Version
unzip_project unzip 6.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9BC86B-F353-4390-B288-B528BA8AA0A1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.",
      },
      {
         lang: "es",
         value: "Desbordamiento de búfer en la función list_files en list.c en Info-Zip UnZip 6.0 permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores relacionados con el método de compresión.",
      },
   ],
   id: "CVE-2014-9913",
   lastModified: "2024-11-21T02:21:57.940",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "LOW",
               baseScore: 4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.0",
            },
            exploitabilityScore: 2.5,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-01-18T17:59:00.217",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2014/11/03/5",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/12/05/13",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/12/05/19",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/12/05/20",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/95081",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2014/11/03/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/12/05/13",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/12/05/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/12/05/20",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/95081",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-01-18 17:59
Modified
2024-11-21 03:01
Summary
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.
Impacted products
Vendor Product Version
unzip_project unzip 6.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9BC86B-F353-4390-B288-B528BA8AA0A1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.",
      },
      {
         lang: "es",
         value: "Desbordamiento de búfer en la función zi_short en zipinfo.c en Info-Zip UnZip 6.0 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un valor de método de compresión grande en el encabezado del archivo de directorio central.",
      },
   ],
   id: "CVE-2016-9844",
   lastModified: "2024-11-21T03:01:51.833",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "LOW",
               baseScore: 4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.0",
            },
            exploitabilityScore: 2.5,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-01-18T17:59:01.373",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/12/05/13",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/12/05/19",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/12/05/20",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/94728",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/12/05/13",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/12/05/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/12/05/20",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/94728",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-09 23:15
Modified
2024-11-21 06:38
Summary
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9BC86B-F353-4390-B288-B528BA8AA0A1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*",
                     matchCriteriaId: "053C1B35-3869-41C2-9551-044182DE0A64",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.",
      },
      {
         lang: "es",
         value: "Se ha encontrado un fallo en Unzip. La vulnerabilidad se produce durante la conversión de una cadena amplia a una cadena local que conduce a un montón de escritura fuera de límites. Este defecto permite a un atacante introducir un archivo zip especialmente diseñado, lo que lleva a un fallo o a la ejecución de código",
      },
   ],
   id: "CVE-2022-0529",
   lastModified: "2024-11-21T06:38:51.000",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-09T23:15:16.627",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2051395",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/ByteHackr/unzip_poc",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202310-17",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2051395",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/ByteHackr/unzip_poc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202310-17",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5202",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-31 22:15
Modified
2024-11-21 02:18
Summary
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:unzip_project:unzip:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5408597-3DE8-46C9-AECB-4ADF35D050CA",
                     versionEndIncluding: "6.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "16E6D998-B41D-4B49-9E00-8336D2E40A4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "98381E61-F082-4302-B51F-5648884F998B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C18E3368-8980-45D2-AD3F-5BF385ABA693",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E8CD4EF-DC90-40BB-A721-6EC087507906",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "44B067C7-735E-43C9-9188-7E1522A02491",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "21690BAC-2129-4A33-9B48-1F3BF30072A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "13E02156-E748-4820-B76F-7074793837E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.",
      },
      {
         lang: "es",
         value: "Un desbordamiento del búfer en la región heap de la memoria en la función test_compr_eb en Info-ZIP UnZip versiones 6.0 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo zip diseñado en el argumento del comando -t para el comando unzip.",
      },
   ],
   id: "CVE-2014-8140",
   lastModified: "2024-11-21T02:18:38.570",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-31T22:15:10.903",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ocert.org/advisories/ocert-2014-011.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1031433",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2015:0700",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1174851",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ocert.org/advisories/ocert-2014-011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1031433",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2015:0700",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1174851",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-11-06 18:59
Modified
2024-11-21 02:37
Severity ?
Summary
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9BC86B-F353-4390-B288-B528BA8AA0A1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.",
      },
      {
         lang: "es",
         value: "Info-ZIP UnZip 6.0 permite a atacantes remotos provocar una denegación de servicio (sobre lectura de buffer basado en memoria dinámica y caída de aplicación) o posiblemente ejecutar código arbitrario a través de un archivo ZIP protegido con contraseña manipulado, posiblemente relacionado con un valor de tamaño Extra-Field.",
      },
   ],
   id: "CVE-2015-7696",
   lastModified: "2024-11-21T02:37:14.123",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2015-11-06T18:59:04.533",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.debian.org/security/2015/dsa-3386",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2015/09/07/4",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2015/09/15/6",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2015/09/21/6",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2015/10/11/5",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/76863",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1034027",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/USN-2788-1",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/USN-2788-2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2015/dsa-3386",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2015/09/07/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2015/09/15/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2015/09/21/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2015/10/11/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/76863",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1034027",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2788-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2788-2",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-02-09 23:29
Modified
2024-11-21 03:39
Summary
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
Impacted products
Vendor Product Version
unzip_project unzip *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:unzip_project:unzip:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6EB9FB39-76DF-401E-813A-3757B47162B2",
                     versionEndIncluding: "6.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.",
      },
      {
         lang: "es",
         value: "Existe un desbordamiento de búfer basado en memoria dinámica (heap) en InfoZip UnZip, en versiones iguales o anteriores a la 6.00, en el procesamiento de archivos protegidos por contraseña que permite que un atacante realice una denegación de servicio (DoS) o que pueda lograr la ejecución de código.",
      },
   ],
   id: "CVE-2018-1000035",
   lastModified: "2024-11-21T03:39:29.013",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-02-09T23:29:01.213",
   references: [
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://security.gentoo.org/glsa/202003-58",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/202003-58",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-11-06 18:59
Modified
2024-11-21 02:37
Severity ?
Summary
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9BC86B-F353-4390-B288-B528BA8AA0A1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.",
      },
      {
         lang: "es",
         value: "Info-ZIP UnZip 6.0 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de dato bzip2 vacío en un archivo ZIP.",
      },
   ],
   id: "CVE-2015-7697",
   lastModified: "2024-11-21T02:37:14.267",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2015-11-06T18:59:05.910",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://sourceforge.net/p/infozip/patches/23/",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.debian.org/security/2015/dsa-3386",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2015/09/07/4",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2015/09/15/6",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2015/10/11/5",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/76863",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1034027",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/USN-2788-1",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/USN-2788-2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://sourceforge.net/p/infozip/patches/23/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2015/dsa-3386",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2015/09/07/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2015/09/15/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2015/10/11/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/76863",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1034027",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2788-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2788-2",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-31 23:15
Modified
2024-11-21 02:18
Summary
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:unzip_project:unzip:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5408597-3DE8-46C9-AECB-4ADF35D050CA",
                     versionEndIncluding: "6.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C18E3368-8980-45D2-AD3F-5BF385ABA693",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E8CD4EF-DC90-40BB-A721-6EC087507906",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "44B067C7-735E-43C9-9188-7E1522A02491",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "13E02156-E748-4820-B76F-7074793837E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.",
      },
      {
         lang: "es",
         value: "Un desbordamiento del búfer en la región heap de la memoria en la función getZip64Data en Info-ZIP UnZip versiones 6.0 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo zip diseñado en el argumento del comando -t para el comando unzip.",
      },
   ],
   id: "CVE-2014-8141",
   lastModified: "2024-11-21T02:18:38.683",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-31T23:15:10.590",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ocert.org/advisories/ocert-2014-011.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1031433",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2015:0700",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1174856",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ocert.org/advisories/ocert-2014-011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1031433",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2015:0700",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1174856",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-10-16 16:50
Modified
2024-11-21 03:55
Summary
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
Impacted products
Vendor Product Version
unzip_project unzip 6.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9BC86B-F353-4390-B288-B528BA8AA0A1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.",
      },
      {
         lang: "es",
         value: "Info-ZIP UnZip 6.0 tiene un desbordamiento de búfer en list.c, cuando un archivo ZIP tiene una relación manipulada entre el valor de tamaño comprimido y el no comprimido. Esto se debe a que el tamaño de búfer es 10 y se supone que es 12.",
      },
   ],
   id: "CVE-2018-18384",
   lastModified: "2024-11-21T03:55:50.430",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-10-16T16:50:12.773",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://access.redhat.com/errata/RHSA-2019:2159",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1110194",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://sourceforge.net/p/infozip/bugs/53/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2019:2159",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1110194",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://sourceforge.net/p/infozip/bugs/53/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-09 23:15
Modified
2024-11-21 06:38
Summary
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
References
secalert@redhat.comhttp://seclists.org/fulldisclosure/2022/May/33Mailing List, Third Party Advisory
secalert@redhat.comhttp://seclists.org/fulldisclosure/2022/May/35Mailing List, Third Party Advisory
secalert@redhat.comhttp://seclists.org/fulldisclosure/2022/May/38Mailing List, Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2051395Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://github.com/ByteHackr/unzip_pocExploit, Third Party Advisory
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2022/09/msg00028.htmlMailing List, Third Party Advisory
secalert@redhat.comhttps://security.gentoo.org/glsa/202310-17Third Party Advisory
secalert@redhat.comhttps://support.apple.com/kb/HT213255Vendor Advisory
secalert@redhat.comhttps://support.apple.com/kb/HT213256Vendor Advisory
secalert@redhat.comhttps://support.apple.com/kb/HT213257Vendor Advisory
secalert@redhat.comhttps://www.debian.org/security/2022/dsa-5202Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/May/33Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/May/35Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/May/38Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2051395Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/ByteHackr/unzip_pocExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/09/msg00028.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202310-17Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT213255Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT213256Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT213257Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5202Third Party Advisory
Impacted products
Vendor Product Version
unzip_project unzip 6.0
redhat enterprise_linux 8.0
fedoraproject fedora 35
apple mac_os_x *
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple macos *
apple macos *
debian debian_linux 10.0
debian debian_linux 11.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9BC86B-F353-4390-B288-B528BA8AA0A1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*",
                     matchCriteriaId: "053C1B35-3869-41C2-9551-044182DE0A64",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB8A73F8-3074-4B32-B9F6-343B6B1988C5",
                     versionEndExcluding: "10.15.7",
                     versionStartIncluding: "10.15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
                     matchCriteriaId: "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
                     matchCriteriaId: "F12CC8B5-C1EB-419E-8496-B9A3864656AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "F1F4BF7F-90D4-4668-B4E6-B06F4070F448",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*",
                     matchCriteriaId: "7FD7176C-F4D1-43A7-9E49-BA92CA0D9980",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*",
                     matchCriteriaId: "2703DE0B-8A9E-4A9D-9AE8-028E22BF47CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
                     matchCriteriaId: "0F441A43-1669-478D-9EC8-E96882DE4F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
                     matchCriteriaId: "D425C653-37A2-448C-BF2F-B684ADB08A26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
                     matchCriteriaId: "A54D63B7-B92B-47C3-B1C5-9892E5873A98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*",
                     matchCriteriaId: "012052B5-9AA7-4FD3-9C80-5F615330039D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*",
                     matchCriteriaId: "50F21A3C-0AC3-48C5-A4F8-5A7B478875B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*",
                     matchCriteriaId: "8E974DC6-F7D9-4389-9AF9-863F6E419CE6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*",
                     matchCriteriaId: "156A6382-2BD3-4882-90B2-8E7CF6659E17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*",
                     matchCriteriaId: "20A2FDB2-6712-406A-9896-C0B44508B07D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*",
                     matchCriteriaId: "49F537A0-DC42-4176-B22F-C80D179DD99D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
                     matchCriteriaId: "C1C795B9-E58D-467C-83A8-2D45C792292F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "09A6345C-D813-43BA-B12E-789C80653F86",
                     versionEndExcluding: "11.6.6",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "56A8A170-44A7-4334-88B0-CB4413E28E53",
                     versionEndExcluding: "12.4",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.",
      },
      {
         lang: "es",
         value: "Se ha encontrado un fallo en Unzip. La vulnerabilidad se produce durante la conversión de una cadena amplia a una cadena local que conduce a un montón de escritura fuera de límites. Este defecto permite a un atacante introducir un archivo zip especialmente diseñado, lo que lleva a un fallo o a la ejecución de código",
      },
   ],
   id: "CVE-2022-0530",
   lastModified: "2024-11-21T06:38:51.130",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-09T23:15:16.677",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2022/May/33",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2022/May/35",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2022/May/38",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2051395",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/ByteHackr/unzip_poc",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202310-17",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/kb/HT213255",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/kb/HT213256",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/kb/HT213257",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2022/May/33",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2022/May/35",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2022/May/38",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2051395",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/ByteHackr/unzip_poc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202310-17",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/kb/HT213255",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/kb/HT213256",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/kb/HT213257",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5202",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-12-27 22:15
Modified
2024-11-21 05:29
Severity ?
Summary
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Impacted products
Vendor Product Version
unzip_project unzip *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:unzip_project:unzip:*:*:*:*:*:go:*:*",
                     matchCriteriaId: "50ACA0B5-19B0-467C-BC62-BA8DB8AE5F92",
                     versionEndExcluding: "1.0.3-0.20200308084313-2adbaa4891b9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.",
      },
      {
         lang: "es",
         value: "Debido a una sanitización inadecuada de la ruta, los archivos que contienen rutas de archivo relativas pueden hacer que los archivos se escriban (o sobrescriban) fuera del directorio de destino.",
      },
   ],
   id: "CVE-2020-36561",
   lastModified: "2024-11-21T05:29:50.427",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.1,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-12-27T22:15:11.623",
   references: [
      {
         source: "security@golang.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73",
      },
      {
         source: "security@golang.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/yi-ge/unzip/pull/1",
      },
      {
         source: "security@golang.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://pkg.go.dev/vuln/GO-2020-0035",
      },
      {
         source: "security@golang.org",
         tags: [
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://snyk.io/research/zip-slip-vulnerability",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/yi-ge/unzip/pull/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://pkg.go.dev/vuln/GO-2020-0035",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://snyk.io/research/zip-slip-vulnerability",
      },
   ],
   sourceIdentifier: "security@golang.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-31 22:15
Modified
2024-11-21 02:18
Summary
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:unzip_project:unzip:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5408597-3DE8-46C9-AECB-4ADF35D050CA",
                     versionEndIncluding: "6.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "16E6D998-B41D-4B49-9E00-8336D2E40A4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "98381E61-F082-4302-B51F-5648884F998B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C18E3368-8980-45D2-AD3F-5BF385ABA693",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E8CD4EF-DC90-40BB-A721-6EC087507906",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "44B067C7-735E-43C9-9188-7E1522A02491",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "21690BAC-2129-4A33-9B48-1F3BF30072A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "13E02156-E748-4820-B76F-7074793837E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.",
      },
      {
         lang: "es",
         value: "Un desbordamiento del búfer en la región heap de la memoria en la comprobación de CRC32 en Info-ZIP UnZip versiones 6.0 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo zip diseñado en el argumento del comando -t para el comando unzip.",
      },
   ],
   id: "CVE-2014-8139",
   lastModified: "2024-11-21T02:18:38.457",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-31T22:15:10.760",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ocert.org/advisories/ocert-2014-011.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1031433",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2015:0700",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1174844",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ocert.org/advisories/ocert-2014-011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1031433",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2015:0700",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1174844",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}