Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
32 vulnerabilities by unzip_project
CVE-2020-36561 (GCVE-0-2020-36561)
Vulnerability from cvelistv5 – Published: 2022-12-27 21:13 – Updated: 2025-04-11 16:38
VLAI
EPSS
VEX
Title
Path traversal in github.com/yi-ge/unzip
Summary
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Severity
9.1 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE 29: Path Traversal: "\..\filename"
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| github.com/yi-ge/unzip | github.com/yi-ge/unzip |
Affected:
0 , < 1.0.3-0.20200308084313-2adbaa4891b9
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yi-ge/unzip/pull/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73"
},
{
"tags": [
"x_transferred"
],
"url": "https://snyk.io/research/zip-slip-vulnerability"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2020-0035"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-36561",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T16:37:46.487917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T16:38:20.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "github.com/yi-ge/unzip",
"product": "github.com/yi-ge/unzip",
"programRoutines": [
{
"name": "Unzip.Extract"
}
],
"vendor": "github.com/yi-ge/unzip",
"versions": [
{
"lessThan": "1.0.3-0.20200308084313-2adbaa4891b9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 29: Path Traversal: \"\\..\\filename\"",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T19:03:53.400Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://github.com/yi-ge/unzip/pull/1"
},
{
"url": "https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73"
},
{
"url": "https://snyk.io/research/zip-slip-vulnerability"
},
{
"url": "https://pkg.go.dev/vuln/GO-2020-0035"
}
],
"title": "Path traversal in github.com/yi-ge/unzip"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2020-36561",
"datePublished": "2022-12-27T21:13:22.650Z",
"dateReserved": "2022-07-29T17:07:52.749Z",
"dateUpdated": "2025-04-11T16:38:20.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4217 (GCVE-0-2021-4217)
Vulnerability from cvelistv5 – Published: 2022-08-24 15:08 – Updated: 2024-08-03 17:16
VLAI
EPSS
VEX
Summary
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
Severity
No CVSS data available.
CWE
- CWE-476 - - NULL Pointer Dereference
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/ubuntu/+source/unzip/+… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=2044583 | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2021-4217 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044583"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unzip",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unzip 6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 - NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T15:08:43.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044583"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4217"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4217",
"datePublished": "2022-08-24T15:08:43.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:16:04.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0529 (GCVE-0-2022-0529)
Vulnerability from cvelistv5 – Published: 2022-02-09 22:05 – Updated: 2025-02-13 16:28
VLAI
EPSS
VEX
Summary
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
Severity
No CVSS data available.
CWE
- SEGV
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2051395 | x_refsource_MISC |
| https://github.com/ByteHackr/unzip_poc | x_refsource_MISC |
| https://www.debian.org/security/2022/dsa-5202 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/202310-17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ByteHackr/unzip_poc"
},
{
"name": "DSA-5202",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5202"
},
{
"name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unzip",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SEGV",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T10:06:17.856Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ByteHackr/unzip_poc"
},
{
"name": "DSA-5202",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5202"
},
{
"name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
},
{
"url": "https://security.gentoo.org/glsa/202310-17"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0529",
"datePublished": "2022-02-09T22:05:51.000Z",
"dateReserved": "2022-02-08T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:28:48.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0530 (GCVE-0-2022-0530)
Vulnerability from cvelistv5 – Published: 2022-02-09 22:05 – Updated: 2025-02-13 16:28
VLAI
EPSS
VEX
Summary
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
Severity
No CVSS data available.
CWE
- SEGV
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2051395 | x_refsource_MISC |
| https://github.com/ByteHackr/unzip_poc | x_refsource_MISC |
| https://support.apple.com/kb/HT213257 | x_refsource_CONFIRM |
| https://support.apple.com/kb/HT213256 | x_refsource_CONFIRM |
| https://support.apple.com/kb/HT213255 | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2022/May/33 | mailing-listx_refsource_FULLDISC |
| http://seclists.org/fulldisclosure/2022/May/35 | mailing-listx_refsource_FULLDISC |
| http://seclists.org/fulldisclosure/2022/May/38 | mailing-listx_refsource_FULLDISC |
| https://www.debian.org/security/2022/dsa-5202 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/202310-17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ByteHackr/unzip_poc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"name": "DSA-5202",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5202"
},
{
"name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unzip",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SEGV",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T10:06:15.675Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ByteHackr/unzip_poc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"name": "DSA-5202",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5202"
},
{
"name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
},
{
"url": "https://security.gentoo.org/glsa/202310-17"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0530",
"datePublished": "2022-02-09T22:05:50.000Z",
"dateReserved": "2022-02-08T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:28:49.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8141 (GCVE-0-2014-8141)
Vulnerability from cvelistv5 – Published: 2020-01-31 22:08 – Updated: 2024-08-06 13:10
VLAI
EPSS
VEX
Summary
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.ocert.org/advisories/ocert-2014-011.html | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2015:0700 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1174856 | x_refsource_MISC |
| http://www.securitytracker.com/id/1031433 | x_refsource_MISC |
Date Public
2014-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2015:0700"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174856"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UnZip",
"vendor": "Info-ZIP",
"versions": [
{
"status": "affected",
"version": "6.0 and earlier"
}
]
}
],
"datePublic": "2014-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-31T22:08:18.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/errata/RHSA-2015:0700"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174856"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1031433"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8141",
"datePublished": "2020-01-31T22:08:18.000Z",
"dateReserved": "2014-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:10:50.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8140 (GCVE-0-2014-8140)
Vulnerability from cvelistv5 – Published: 2020-01-31 22:00 – Updated: 2024-08-06 13:10
VLAI
EPSS
VEX
Summary
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.ocert.org/advisories/ocert-2014-011.html | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2015:0700 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1174851 | x_refsource_MISC |
| http://www.securitytracker.com/id/1031433 | x_refsource_MISC |
Date Public
2014-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2015:0700"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174851"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UnZip",
"vendor": "Info-ZIP",
"versions": [
{
"status": "affected",
"version": "6.0 and earlier"
}
]
}
],
"datePublic": "2014-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-31T22:00:32.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/errata/RHSA-2015:0700"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174851"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1031433"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8140",
"datePublished": "2020-01-31T22:00:32.000Z",
"dateReserved": "2014-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:10:50.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8139 (GCVE-0-2014-8139)
Vulnerability from cvelistv5 – Published: 2020-01-31 22:00 – Updated: 2024-08-06 13:10
VLAI
EPSS
VEX
Summary
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.ocert.org/advisories/ocert-2014-011.html | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2015:0700 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1174844 | x_refsource_MISC |
| http://www.securitytracker.com/id/1031433 | x_refsource_MISC |
Date Public
2014-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:51.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2015:0700"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174844"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UnZip",
"vendor": "Info-ZIP",
"versions": [
{
"status": "affected",
"version": "6.0 and earlier"
}
]
}
],
"datePublic": "2014-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-31T22:00:28.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/errata/RHSA-2015:0700"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174844"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1031433"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8139",
"datePublished": "2020-01-31T22:00:28.000Z",
"dateReserved": "2014-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:10:51.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13232 (GCVE-0-2019-13232)
Vulnerability from cvelistv5 – Published: 2019-07-04 12:03 – Updated: 2024-08-04 23:49
VLAI
EPSS
VEX
Summary
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://www.bamsoftware.com/hacks/zipbomb/ | x_refsource_MISC |
| https://github.com/madler/unzip | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-2019081… | x_refsource_CONFIRM |
| https://support.f5.com/csp/article/K80311892?utm_… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202003-58 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:23.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bamsoftware.com/hacks/zipbomb/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/madler/unzip"
},
{
"name": "[debian-lts-announce] 20190707 [SECURITY] [DLA 1846-1] unzip security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html"
},
{
"name": "[debian-lts-announce] 20190728 [SECURITY] [DLA 1846-2] unzip regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190814-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K80311892?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "GLSA-202003-58",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-58"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a \"better zip bomb\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T19:06:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bamsoftware.com/hacks/zipbomb/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/madler/unzip"
},
{
"name": "[debian-lts-announce] 20190707 [SECURITY] [DLA 1846-1] unzip security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html"
},
{
"name": "[debian-lts-announce] 20190728 [SECURITY] [DLA 1846-2] unzip regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190814-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K80311892?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "GLSA-202003-58",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-58"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a \"better zip bomb\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bamsoftware.com/hacks/zipbomb/",
"refsource": "MISC",
"url": "https://www.bamsoftware.com/hacks/zipbomb/"
},
{
"name": "https://github.com/madler/unzip",
"refsource": "MISC",
"url": "https://github.com/madler/unzip"
},
{
"name": "[debian-lts-announce] 20190707 [SECURITY] [DLA 1846-1] unzip security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html"
},
{
"name": "[debian-lts-announce] 20190728 [SECURITY] [DLA 1846-2] unzip regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190814-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190814-0002/"
},
{
"name": "https://support.f5.com/csp/article/K80311892?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K80311892?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "GLSA-202003-58",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-58"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13232",
"datePublished": "2019-07-04T12:03:06.000Z",
"dateReserved": "2019-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:23.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18384 (GCVE-0-2018-18384)
Vulnerability from cvelistv5 – Published: 2018-10-16 15:00 – Updated: 2024-08-05 11:08
VLAI
EPSS
VEX
Summary
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1110194 | x_refsource_MISC |
| https://sourceforge.net/p/infozip/bugs/53/ | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://access.redhat.com/errata/RHSA-2019:2159 | vendor-advisoryx_refsource_REDHAT |
Date Public
2018-10-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1110194"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/infozip/bugs/53/"
},
{
"name": "openSUSE-SU-2019:1117",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html"
},
{
"name": "RHSA-2019:2159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2159"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1110194"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/infozip/bugs/53/"
},
{
"name": "openSUSE-SU-2019:1117",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html"
},
{
"name": "RHSA-2019:2159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2159"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1110194",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1110194"
},
{
"name": "https://sourceforge.net/p/infozip/bugs/53/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/infozip/bugs/53/"
},
{
"name": "openSUSE-SU-2019:1117",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html"
},
{
"name": "RHSA-2019:2159",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2159"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18384",
"datePublished": "2018-10-16T15:00:00.000Z",
"dateReserved": "2018-10-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000035 (GCVE-0-2018-1000035)
Vulnerability from cvelistv5 – Published: 2018-02-09 23:00 – Updated: 2024-08-05 12:33
VLAI
EPSS
VEX
Summary
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://sec-consult.com/en/blog/advisories/multip… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/202003-58 | vendor-advisoryx_refsource_GENTOO |
Date Public
2018-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:48.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html"
},
{
"name": "[debian-lts-announce] 20200128 [SECURITY] [DLA 2082-1] unzip security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html"
},
{
"name": "GLSA-202003-58",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-58"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-02-01T00:00:00.000Z",
"datePublic": "2018-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow exists in Info-Zip UnZip version \u003c= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T19:06:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html"
},
{
"name": "[debian-lts-announce] 20200128 [SECURITY] [DLA 2082-1] unzip security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html"
},
{
"name": "GLSA-202003-58",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-58"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-02-01 0:00:00",
"ID": "CVE-2018-1000035",
"REQUESTER": "research@sec-consult.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer overflow exists in Info-Zip UnZip version \u003c= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html"
},
{
"name": "[debian-lts-announce] 20200128 [SECURITY] [DLA 2082-1] unzip security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html"
},
{
"name": "GLSA-202003-58",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-58"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000035",
"datePublished": "2018-02-09T23:00:00.000Z",
"dateReserved": "2018-02-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:33:48.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9913 (GCVE-0-2014-9913)
Vulnerability from cvelistv5 – Published: 2017-01-18 17:00 – Updated: 2024-08-06 14:02
VLAI
EPSS
VEX
Summary
Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95081 | vdb-entryx_refsource_BID |
| https://bugs.launchpad.net/ubuntu/+source/unzip/+… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/1… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/1… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/1… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2014/11/03/5 | mailing-listx_refsource_MLIST |
Date Public
2014-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:02:36.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95081",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95081"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
},
{
"name": "[oss-security] 20141103 unzip -l crasher",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/11/03/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-19T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95081",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95081"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
},
{
"name": "[oss-security] 20141103 unzip -l crasher",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/11/03/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95081"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
},
{
"name": "[oss-security] 20141103 unzip -l crasher",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/03/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9913",
"datePublished": "2017-01-18T17:00:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:02:36.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9844 (GCVE-0-2016-9844)
Vulnerability from cvelistv5 – Published: 2017-01-18 17:00 – Updated: 2024-08-06 02:59
VLAI
EPSS
VEX
Summary
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94728 | vdb-entryx_refsource_BID |
| https://bugs.launchpad.net/ubuntu/+source/unzip/+… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/1… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/1… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/1… | mailing-listx_refsource_MLIST |
Date Public
2016-12-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94728",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94728"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-19T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94728",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94728"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94728"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9844",
"datePublished": "2017-01-18T17:00:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:59:03.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7697 (GCVE-0-2015-7697)
Vulnerability from cvelistv5 – Published: 2015-11-06 18:00 – Updated: 2024-08-06 07:58
VLAI
EPSS
VEX
Summary
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2788-2 | vendor-advisoryx_refsource_UBUNTU |
| http://www.openwall.com/lists/oss-security/2015/09/07/4 | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2015/dsa-3386 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securitytracker.com/id/1034027 | vdb-entryx_refsource_SECTRACK |
| http://www.ubuntu.com/usn/USN-2788-1 | vendor-advisoryx_refsource_UBUNTU |
| http://sourceforge.net/p/infozip/patches/23/ | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2015/09/15/6 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/76863 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2015/10/11/5 | mailing-listx_refsource_MLIST |
Date Public
2015-09-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2788-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2788-2"
},
{
"name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
},
{
"name": "DSA-3386",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3386"
},
{
"name": "1034027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034027"
},
{
"name": "USN-2788-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2788-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/p/infozip/patches/23/"
},
{
"name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
},
{
"name": "76863",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76863"
},
{
"name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-2788-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2788-2"
},
{
"name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
},
{
"name": "DSA-3386",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3386"
},
{
"name": "1034027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034027"
},
{
"name": "USN-2788-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2788-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/p/infozip/patches/23/"
},
{
"name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
},
{
"name": "76863",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76863"
},
{
"name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2788-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2788-2"
},
{
"name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
},
{
"name": "DSA-3386",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3386"
},
{
"name": "1034027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034027"
},
{
"name": "USN-2788-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2788-1"
},
{
"name": "http://sourceforge.net/p/infozip/patches/23/",
"refsource": "MISC",
"url": "http://sourceforge.net/p/infozip/patches/23/"
},
{
"name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
},
{
"name": "76863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76863"
},
{
"name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7697",
"datePublished": "2015-11-06T18:00:00.000Z",
"dateReserved": "2015-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:58:59.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7696 (GCVE-0-2015-7696)
Vulnerability from cvelistv5 – Published: 2015-11-06 18:00 – Updated: 2024-08-06 07:58
VLAI
EPSS
VEX
Summary
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2788-2 | vendor-advisoryx_refsource_UBUNTU |
| http://www.openwall.com/lists/oss-security/2015/09/07/4 | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2015/dsa-3386 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securitytracker.com/id/1034027 | vdb-entryx_refsource_SECTRACK |
| http://www.ubuntu.com/usn/USN-2788-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.openwall.com/lists/oss-security/2015/09/21/6 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2015/09/15/6 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/76863 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2015/10/11/5 | mailing-listx_refsource_MLIST |
Date Public
2015-09-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2788-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2788-2"
},
{
"name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
},
{
"name": "DSA-3386",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3386"
},
{
"name": "1034027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034027"
},
{
"name": "USN-2788-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2788-1"
},
{
"name": "[oss-security] 20150921 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/21/6"
},
{
"name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
},
{
"name": "76863",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76863"
},
{
"name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-2788-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2788-2"
},
{
"name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
},
{
"name": "DSA-3386",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3386"
},
{
"name": "1034027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034027"
},
{
"name": "USN-2788-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2788-1"
},
{
"name": "[oss-security] 20150921 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/21/6"
},
{
"name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
},
{
"name": "76863",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76863"
},
{
"name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2788-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2788-2"
},
{
"name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
},
{
"name": "DSA-3386",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3386"
},
{
"name": "1034027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034027"
},
{
"name": "USN-2788-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2788-1"
},
{
"name": "[oss-security] 20150921 Re: Heap overflow and DoS in unzip 6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/21/6"
},
{
"name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
},
{
"name": "76863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76863"
},
{
"name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7696",
"datePublished": "2015-11-06T18:00:00.000Z",
"dateReserved": "2015-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:58:59.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9636 (GCVE-0-2014-9636)
Vulnerability from cvelistv5 – Published: 2015-02-06 15:00 – Updated: 2024-08-06 13:47
VLAI
EPSS
VEX
Summary
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2014-11-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q4/1131"
},
{
"name": "62738",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62738"
},
{
"name": "GLSA-201611-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-01"
},
{
"name": "FEDORA-2015-1267",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html"
},
{
"name": "62751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62751"
},
{
"name": "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2015/q1/216"
},
{
"name": "71825",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71825"
},
{
"name": "USN-2489-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2489-1"
},
{
"name": "DSA-3152",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3152"
},
{
"name": "[oss-security] 20141102 unzip -t crasher",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q4/489"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "FEDORA-2015-1189",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html"
},
{
"name": "[oss-security] 20141103 Re: unzip -t crasher",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q4/496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7\u0026t=450"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q4/1131"
},
{
"name": "62738",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62738"
},
{
"name": "GLSA-201611-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-01"
},
{
"name": "FEDORA-2015-1267",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html"
},
{
"name": "62751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62751"
},
{
"name": "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2015/q1/216"
},
{
"name": "71825",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71825"
},
{
"name": "USN-2489-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2489-1"
},
{
"name": "DSA-3152",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3152"
},
{
"name": "[oss-security] 20141102 unzip -t crasher",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q4/489"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "FEDORA-2015-1189",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html"
},
{
"name": "[oss-security] 20141103 Re: unzip -t crasher",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q4/496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7\u0026t=450"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/1131"
},
{
"name": "62738",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62738"
},
{
"name": "GLSA-201611-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-01"
},
{
"name": "FEDORA-2015-1267",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html"
},
{
"name": "62751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62751"
},
{
"name": "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/216"
},
{
"name": "71825",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71825"
},
{
"name": "USN-2489-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2489-1"
},
{
"name": "DSA-3152",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3152"
},
{
"name": "[oss-security] 20141102 unzip -t crasher",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/489"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "FEDORA-2015-1189",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html"
},
{
"name": "[oss-security] 20141103 Re: unzip -t crasher",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/496"
},
{
"name": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7\u0026t=450",
"refsource": "CONFIRM",
"url": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7\u0026t=450"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9636",
"datePublished": "2015-02-06T15:00:00.000Z",
"dateReserved": "2015-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:47:41.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36561 (GCVE-0-2020-36561)
Vulnerability from nvd – Published: 2022-12-27 21:13 – Updated: 2025-04-11 16:38
VLAI
EPSS
VEX
Title
Path traversal in github.com/yi-ge/unzip
Summary
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Severity
9.1 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE 29: Path Traversal: "\..\filename"
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| github.com/yi-ge/unzip | github.com/yi-ge/unzip |
Affected:
0 , < 1.0.3-0.20200308084313-2adbaa4891b9
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yi-ge/unzip/pull/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73"
},
{
"tags": [
"x_transferred"
],
"url": "https://snyk.io/research/zip-slip-vulnerability"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2020-0035"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-36561",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T16:37:46.487917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T16:38:20.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "github.com/yi-ge/unzip",
"product": "github.com/yi-ge/unzip",
"programRoutines": [
{
"name": "Unzip.Extract"
}
],
"vendor": "github.com/yi-ge/unzip",
"versions": [
{
"lessThan": "1.0.3-0.20200308084313-2adbaa4891b9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 29: Path Traversal: \"\\..\\filename\"",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T19:03:53.400Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://github.com/yi-ge/unzip/pull/1"
},
{
"url": "https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73"
},
{
"url": "https://snyk.io/research/zip-slip-vulnerability"
},
{
"url": "https://pkg.go.dev/vuln/GO-2020-0035"
}
],
"title": "Path traversal in github.com/yi-ge/unzip"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2020-36561",
"datePublished": "2022-12-27T21:13:22.650Z",
"dateReserved": "2022-07-29T17:07:52.749Z",
"dateUpdated": "2025-04-11T16:38:20.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4217 (GCVE-0-2021-4217)
Vulnerability from nvd – Published: 2022-08-24 15:08 – Updated: 2024-08-03 17:16
VLAI
EPSS
VEX
Summary
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
Severity
No CVSS data available.
CWE
- CWE-476 - - NULL Pointer Dereference
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/ubuntu/+source/unzip/+… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=2044583 | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2021-4217 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044583"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unzip",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unzip 6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 - NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T15:08:43.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044583"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4217"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4217",
"datePublished": "2022-08-24T15:08:43.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:16:04.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0530 (GCVE-0-2022-0530)
Vulnerability from nvd – Published: 2022-02-09 22:05 – Updated: 2025-02-13 16:28
VLAI
EPSS
VEX
Summary
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
Severity
No CVSS data available.
CWE
- SEGV
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2051395 | x_refsource_MISC |
| https://github.com/ByteHackr/unzip_poc | x_refsource_MISC |
| https://support.apple.com/kb/HT213257 | x_refsource_CONFIRM |
| https://support.apple.com/kb/HT213256 | x_refsource_CONFIRM |
| https://support.apple.com/kb/HT213255 | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2022/May/33 | mailing-listx_refsource_FULLDISC |
| http://seclists.org/fulldisclosure/2022/May/35 | mailing-listx_refsource_FULLDISC |
| http://seclists.org/fulldisclosure/2022/May/38 | mailing-listx_refsource_FULLDISC |
| https://www.debian.org/security/2022/dsa-5202 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/202310-17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ByteHackr/unzip_poc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"name": "DSA-5202",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5202"
},
{
"name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unzip",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SEGV",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T10:06:15.675Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ByteHackr/unzip_poc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"name": "DSA-5202",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5202"
},
{
"name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
},
{
"url": "https://security.gentoo.org/glsa/202310-17"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0530",
"datePublished": "2022-02-09T22:05:50.000Z",
"dateReserved": "2022-02-08T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:28:49.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0529 (GCVE-0-2022-0529)
Vulnerability from nvd – Published: 2022-02-09 22:05 – Updated: 2025-02-13 16:28
VLAI
EPSS
VEX
Summary
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
Severity
No CVSS data available.
CWE
- SEGV
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2051395 | x_refsource_MISC |
| https://github.com/ByteHackr/unzip_poc | x_refsource_MISC |
| https://www.debian.org/security/2022/dsa-5202 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/202310-17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ByteHackr/unzip_poc"
},
{
"name": "DSA-5202",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5202"
},
{
"name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unzip",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SEGV",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T10:06:17.856Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ByteHackr/unzip_poc"
},
{
"name": "DSA-5202",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5202"
},
{
"name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
},
{
"url": "https://security.gentoo.org/glsa/202310-17"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0529",
"datePublished": "2022-02-09T22:05:51.000Z",
"dateReserved": "2022-02-08T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:28:48.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8141 (GCVE-0-2014-8141)
Vulnerability from nvd – Published: 2020-01-31 22:08 – Updated: 2024-08-06 13:10
VLAI
EPSS
VEX
Summary
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.ocert.org/advisories/ocert-2014-011.html | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2015:0700 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1174856 | x_refsource_MISC |
| http://www.securitytracker.com/id/1031433 | x_refsource_MISC |
Date Public
2014-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2015:0700"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174856"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UnZip",
"vendor": "Info-ZIP",
"versions": [
{
"status": "affected",
"version": "6.0 and earlier"
}
]
}
],
"datePublic": "2014-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-31T22:08:18.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/errata/RHSA-2015:0700"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174856"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1031433"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8141",
"datePublished": "2020-01-31T22:08:18.000Z",
"dateReserved": "2014-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:10:50.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8140 (GCVE-0-2014-8140)
Vulnerability from nvd – Published: 2020-01-31 22:00 – Updated: 2024-08-06 13:10
VLAI
EPSS
VEX
Summary
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.ocert.org/advisories/ocert-2014-011.html | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2015:0700 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1174851 | x_refsource_MISC |
| http://www.securitytracker.com/id/1031433 | x_refsource_MISC |
Date Public
2014-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2015:0700"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174851"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UnZip",
"vendor": "Info-ZIP",
"versions": [
{
"status": "affected",
"version": "6.0 and earlier"
}
]
}
],
"datePublic": "2014-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-31T22:00:32.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/errata/RHSA-2015:0700"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174851"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1031433"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8140",
"datePublished": "2020-01-31T22:00:32.000Z",
"dateReserved": "2014-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:10:50.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8139 (GCVE-0-2014-8139)
Vulnerability from nvd – Published: 2020-01-31 22:00 – Updated: 2024-08-06 13:10
VLAI
EPSS
VEX
Summary
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.ocert.org/advisories/ocert-2014-011.html | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2015:0700 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1174844 | x_refsource_MISC |
| http://www.securitytracker.com/id/1031433 | x_refsource_MISC |
Date Public
2014-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:51.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2015:0700"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174844"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UnZip",
"vendor": "Info-ZIP",
"versions": [
{
"status": "affected",
"version": "6.0 and earlier"
}
]
}
],
"datePublic": "2014-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-31T22:00:28.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/errata/RHSA-2015:0700"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174844"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1031433"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8139",
"datePublished": "2020-01-31T22:00:28.000Z",
"dateReserved": "2014-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:10:51.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13232 (GCVE-0-2019-13232)
Vulnerability from nvd – Published: 2019-07-04 12:03 – Updated: 2024-08-04 23:49
VLAI
EPSS
VEX
Summary
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://www.bamsoftware.com/hacks/zipbomb/ | x_refsource_MISC |
| https://github.com/madler/unzip | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-2019081… | x_refsource_CONFIRM |
| https://support.f5.com/csp/article/K80311892?utm_… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202003-58 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:23.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bamsoftware.com/hacks/zipbomb/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/madler/unzip"
},
{
"name": "[debian-lts-announce] 20190707 [SECURITY] [DLA 1846-1] unzip security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html"
},
{
"name": "[debian-lts-announce] 20190728 [SECURITY] [DLA 1846-2] unzip regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190814-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K80311892?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "GLSA-202003-58",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-58"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a \"better zip bomb\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T19:06:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bamsoftware.com/hacks/zipbomb/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/madler/unzip"
},
{
"name": "[debian-lts-announce] 20190707 [SECURITY] [DLA 1846-1] unzip security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html"
},
{
"name": "[debian-lts-announce] 20190728 [SECURITY] [DLA 1846-2] unzip regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190814-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K80311892?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "GLSA-202003-58",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-58"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a \"better zip bomb\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bamsoftware.com/hacks/zipbomb/",
"refsource": "MISC",
"url": "https://www.bamsoftware.com/hacks/zipbomb/"
},
{
"name": "https://github.com/madler/unzip",
"refsource": "MISC",
"url": "https://github.com/madler/unzip"
},
{
"name": "[debian-lts-announce] 20190707 [SECURITY] [DLA 1846-1] unzip security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html"
},
{
"name": "[debian-lts-announce] 20190728 [SECURITY] [DLA 1846-2] unzip regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190814-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190814-0002/"
},
{
"name": "https://support.f5.com/csp/article/K80311892?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K80311892?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "GLSA-202003-58",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-58"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13232",
"datePublished": "2019-07-04T12:03:06.000Z",
"dateReserved": "2019-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:23.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18384 (GCVE-0-2018-18384)
Vulnerability from nvd – Published: 2018-10-16 15:00 – Updated: 2024-08-05 11:08
VLAI
EPSS
VEX
Summary
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1110194 | x_refsource_MISC |
| https://sourceforge.net/p/infozip/bugs/53/ | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://access.redhat.com/errata/RHSA-2019:2159 | vendor-advisoryx_refsource_REDHAT |
Date Public
2018-10-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1110194"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/infozip/bugs/53/"
},
{
"name": "openSUSE-SU-2019:1117",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html"
},
{
"name": "RHSA-2019:2159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2159"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1110194"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/infozip/bugs/53/"
},
{
"name": "openSUSE-SU-2019:1117",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html"
},
{
"name": "RHSA-2019:2159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2159"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1110194",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1110194"
},
{
"name": "https://sourceforge.net/p/infozip/bugs/53/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/infozip/bugs/53/"
},
{
"name": "openSUSE-SU-2019:1117",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html"
},
{
"name": "RHSA-2019:2159",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2159"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18384",
"datePublished": "2018-10-16T15:00:00.000Z",
"dateReserved": "2018-10-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000035 (GCVE-0-2018-1000035)
Vulnerability from nvd – Published: 2018-02-09 23:00 – Updated: 2024-08-05 12:33
VLAI
EPSS
VEX
Summary
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://sec-consult.com/en/blog/advisories/multip… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/202003-58 | vendor-advisoryx_refsource_GENTOO |
Date Public
2018-02-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:48.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html"
},
{
"name": "[debian-lts-announce] 20200128 [SECURITY] [DLA 2082-1] unzip security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html"
},
{
"name": "GLSA-202003-58",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-58"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-02-01T00:00:00.000Z",
"datePublic": "2018-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow exists in Info-Zip UnZip version \u003c= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T19:06:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html"
},
{
"name": "[debian-lts-announce] 20200128 [SECURITY] [DLA 2082-1] unzip security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html"
},
{
"name": "GLSA-202003-58",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-58"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-02-01 0:00:00",
"ID": "CVE-2018-1000035",
"REQUESTER": "research@sec-consult.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer overflow exists in Info-Zip UnZip version \u003c= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html"
},
{
"name": "[debian-lts-announce] 20200128 [SECURITY] [DLA 2082-1] unzip security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html"
},
{
"name": "GLSA-202003-58",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-58"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000035",
"datePublished": "2018-02-09T23:00:00.000Z",
"dateReserved": "2018-02-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:33:48.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9844 (GCVE-0-2016-9844)
Vulnerability from nvd – Published: 2017-01-18 17:00 – Updated: 2024-08-06 02:59
VLAI
EPSS
VEX
Summary
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94728 | vdb-entryx_refsource_BID |
| https://bugs.launchpad.net/ubuntu/+source/unzip/+… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/1… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/1… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/1… | mailing-listx_refsource_MLIST |
Date Public
2016-12-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94728",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94728"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-19T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94728",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94728"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94728"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9844",
"datePublished": "2017-01-18T17:00:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:59:03.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9913 (GCVE-0-2014-9913)
Vulnerability from nvd – Published: 2017-01-18 17:00 – Updated: 2024-08-06 14:02
VLAI
EPSS
VEX
Summary
Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95081 | vdb-entryx_refsource_BID |
| https://bugs.launchpad.net/ubuntu/+source/unzip/+… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/1… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/1… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/1… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2014/11/03/5 | mailing-listx_refsource_MLIST |
Date Public
2014-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:02:36.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95081",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95081"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
},
{
"name": "[oss-security] 20141103 unzip -l crasher",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/11/03/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-19T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95081",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95081"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
},
{
"name": "[oss-security] 20141103 unzip -l crasher",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/11/03/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95081"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
},
{
"name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
},
{
"name": "[oss-security] 20141103 unzip -l crasher",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/03/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9913",
"datePublished": "2017-01-18T17:00:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:02:36.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7697 (GCVE-0-2015-7697)
Vulnerability from nvd – Published: 2015-11-06 18:00 – Updated: 2024-08-06 07:58
VLAI
EPSS
VEX
Summary
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2788-2 | vendor-advisoryx_refsource_UBUNTU |
| http://www.openwall.com/lists/oss-security/2015/09/07/4 | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2015/dsa-3386 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securitytracker.com/id/1034027 | vdb-entryx_refsource_SECTRACK |
| http://www.ubuntu.com/usn/USN-2788-1 | vendor-advisoryx_refsource_UBUNTU |
| http://sourceforge.net/p/infozip/patches/23/ | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2015/09/15/6 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/76863 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2015/10/11/5 | mailing-listx_refsource_MLIST |
Date Public
2015-09-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2788-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2788-2"
},
{
"name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
},
{
"name": "DSA-3386",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3386"
},
{
"name": "1034027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034027"
},
{
"name": "USN-2788-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2788-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/p/infozip/patches/23/"
},
{
"name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
},
{
"name": "76863",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76863"
},
{
"name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-2788-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2788-2"
},
{
"name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
},
{
"name": "DSA-3386",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3386"
},
{
"name": "1034027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034027"
},
{
"name": "USN-2788-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2788-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/p/infozip/patches/23/"
},
{
"name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
},
{
"name": "76863",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76863"
},
{
"name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2788-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2788-2"
},
{
"name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
},
{
"name": "DSA-3386",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3386"
},
{
"name": "1034027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034027"
},
{
"name": "USN-2788-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2788-1"
},
{
"name": "http://sourceforge.net/p/infozip/patches/23/",
"refsource": "MISC",
"url": "http://sourceforge.net/p/infozip/patches/23/"
},
{
"name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
},
{
"name": "76863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76863"
},
{
"name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7697",
"datePublished": "2015-11-06T18:00:00.000Z",
"dateReserved": "2015-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:58:59.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7696 (GCVE-0-2015-7696)
Vulnerability from nvd – Published: 2015-11-06 18:00 – Updated: 2024-08-06 07:58
VLAI
EPSS
VEX
Summary
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2788-2 | vendor-advisoryx_refsource_UBUNTU |
| http://www.openwall.com/lists/oss-security/2015/09/07/4 | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2015/dsa-3386 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securitytracker.com/id/1034027 | vdb-entryx_refsource_SECTRACK |
| http://www.ubuntu.com/usn/USN-2788-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.openwall.com/lists/oss-security/2015/09/21/6 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2015/09/15/6 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/76863 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2015/10/11/5 | mailing-listx_refsource_MLIST |
Date Public
2015-09-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2788-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2788-2"
},
{
"name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
},
{
"name": "DSA-3386",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3386"
},
{
"name": "1034027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034027"
},
{
"name": "USN-2788-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2788-1"
},
{
"name": "[oss-security] 20150921 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/21/6"
},
{
"name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
},
{
"name": "76863",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76863"
},
{
"name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-2788-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2788-2"
},
{
"name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
},
{
"name": "DSA-3386",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3386"
},
{
"name": "1034027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034027"
},
{
"name": "USN-2788-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2788-1"
},
{
"name": "[oss-security] 20150921 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/21/6"
},
{
"name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
},
{
"name": "76863",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76863"
},
{
"name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2788-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2788-2"
},
{
"name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
},
{
"name": "DSA-3386",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3386"
},
{
"name": "1034027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034027"
},
{
"name": "USN-2788-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2788-1"
},
{
"name": "[oss-security] 20150921 Re: Heap overflow and DoS in unzip 6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/21/6"
},
{
"name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
},
{
"name": "76863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76863"
},
{
"name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7696",
"datePublished": "2015-11-06T18:00:00.000Z",
"dateReserved": "2015-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:58:59.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9636 (GCVE-0-2014-9636)
Vulnerability from nvd – Published: 2015-02-06 15:00 – Updated: 2024-08-06 13:47
VLAI
EPSS
VEX
Summary
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2014-11-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q4/1131"
},
{
"name": "62738",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62738"
},
{
"name": "GLSA-201611-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-01"
},
{
"name": "FEDORA-2015-1267",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html"
},
{
"name": "62751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62751"
},
{
"name": "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2015/q1/216"
},
{
"name": "71825",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71825"
},
{
"name": "USN-2489-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2489-1"
},
{
"name": "DSA-3152",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3152"
},
{
"name": "[oss-security] 20141102 unzip -t crasher",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q4/489"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "FEDORA-2015-1189",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html"
},
{
"name": "[oss-security] 20141103 Re: unzip -t crasher",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q4/496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7\u0026t=450"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q4/1131"
},
{
"name": "62738",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62738"
},
{
"name": "GLSA-201611-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-01"
},
{
"name": "FEDORA-2015-1267",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html"
},
{
"name": "62751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62751"
},
{
"name": "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2015/q1/216"
},
{
"name": "71825",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71825"
},
{
"name": "USN-2489-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2489-1"
},
{
"name": "DSA-3152",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3152"
},
{
"name": "[oss-security] 20141102 unzip -t crasher",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q4/489"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "FEDORA-2015-1189",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html"
},
{
"name": "[oss-security] 20141103 Re: unzip -t crasher",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q4/496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7\u0026t=450"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/1131"
},
{
"name": "62738",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62738"
},
{
"name": "GLSA-201611-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-01"
},
{
"name": "FEDORA-2015-1267",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html"
},
{
"name": "62751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62751"
},
{
"name": "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/216"
},
{
"name": "71825",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71825"
},
{
"name": "USN-2489-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2489-1"
},
{
"name": "DSA-3152",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3152"
},
{
"name": "[oss-security] 20141102 unzip -t crasher",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/489"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "FEDORA-2015-1189",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html"
},
{
"name": "[oss-security] 20141103 Re: unzip -t crasher",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/496"
},
{
"name": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7\u0026t=450",
"refsource": "CONFIRM",
"url": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7\u0026t=450"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9636",
"datePublished": "2015-02-06T15:00:00.000Z",
"dateReserved": "2015-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:47:41.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}