The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unzip_project | unzip | * |
| canonical | ubuntu_linux | 7.04 |
| canonical | ubuntu_linux | 6.10 |
| canonical | ubuntu_linux | 6.06 |
| canonical | ubuntu_linux | 7.10 |
| debian | debian_linux | 4.0 |
| apple | mac_os_x | * |
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| unzip_project | unzip | * |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server_eus | 6.6 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_aus | 6.6 |
| redhat | enterprise_linux_server_eus | 7.1 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server_eus | 7.7 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_eus | 7.2 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server_tus | 6.6 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_aus | 7.3 |
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| unzip_project | unzip | * |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server_eus | 6.6 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_aus | 6.6 |
| redhat | enterprise_linux_server_eus | 7.1 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server_eus | 7.7 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_eus | 7.2 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server_tus | 6.6 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_aus | 7.3 |
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.1 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| unzip_project | unzip | * |
| redhat | enterprise_linux_server_eus | 7.2 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_server_tus | 6.6 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server_eus | 6.6 |
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 14.10 |
| fedoraproject | fedora | 21 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 10.04 |
| unzip_project | unzip | 6.0 |
| debian | debian_linux | 7.0 |
| fedoraproject | fedora | 20 |
Buffer overflow in the list_files function in list.c in Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.
CVSS 2.0
Severity: LOW
Problem Type: CWE-119
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unzip_project | unzip | 6.0 |
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 15.10 |
| canonical | ubuntu_linux | 15.04 |
| unzip_project | unzip | 6.0 |
| debian | debian_linux | 7.0 |
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 15.10 |
| canonical | ubuntu_linux | 15.04 |
| unzip_project | unzip | 6.0 |
| debian | debian_linux | 7.0 |
Buffer overflow in the zi_short function in zipinfo.c in Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.
CVSS 2.0
Severity: LOW
Problem Type: CWE-119
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unzip_project | unzip | 6.0 |
A heap-based buffer overflow exists in Info-ZIP UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unzip_project | unzip | * |
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unzip_project | unzip | 6.0 |
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-400
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| unzip_project | unzip | 6.0 |
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unzip_project | unzip | * |
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| fedoraproject | fedora | 35 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 9.0 |
| unzip_project | unzip | 6.0 |
| redhat | enterprise_linux | 8.0 |
A flaw was found in UnZip. The vulnerability occurs during the conversion of a wide string to a local string, which leads to a heap out-of-bounds write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| debian | debian_linux | 11.0 |
| unzip_project | unzip | 6.0 |
| debian | debian_linux | 10.0 |
| redhat | enterprise_linux | 8.0 |
A flaw was found in UnZip. The vulnerability occurs during the conversion of a wide string to a local string, which leads to a heap out-of-bounds write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| debian | debian_linux | 11.0 |
| apple | mac_os_x | 10.15.7 |
| unzip_project | unzip | 6.0 |
| debian | debian_linux | 10.0 |
| redhat | enterprise_linux | 8.0 |
| apple | mac_os_x | * |
| apple | macos | * |