Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    32 vulnerabilities by unzip_project

    CVE-2020-36561 (GCVE-0-2020-36561)

    Vulnerability from cvelistv5 – Published: 2022-12-27 21:13 – Updated: 2025-04-11 16:38
    VLAI
    Title
    Path traversal in github.com/yi-ge/unzip
    Summary
    Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE 29: Path Traversal: "\..\filename"
    Assigner
    Go
    Impacted products
    Vendor Product Version
    github.com/yi-ge/unzip github.com/yi-ge/unzip Affected: 0 , < 1.0.3-0.20200308084313-2adbaa4891b9 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:30:08.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/yi-ge/unzip/pull/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://snyk.io/research/zip-slip-vulnerability"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2020-0035"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36561",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-11T16:37:46.487917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-11T16:38:20.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "github.com/yi-ge/unzip",
              "product": "github.com/yi-ge/unzip",
              "programRoutines": [
                {
                  "name": "Unzip.Extract"
                }
              ],
              "vendor": "github.com/yi-ge/unzip",
              "versions": [
                {
                  "lessThan": "1.0.3-0.20200308084313-2adbaa4891b9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 29: Path Traversal: \"\\..\\filename\"",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T19:03:53.400Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://github.com/yi-ge/unzip/pull/1"
            },
            {
              "url": "https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73"
            },
            {
              "url": "https://snyk.io/research/zip-slip-vulnerability"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2020-0035"
            }
          ],
          "title": "Path traversal in github.com/yi-ge/unzip"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2020-36561",
        "datePublished": "2022-12-27T21:13:22.650Z",
        "dateReserved": "2022-07-29T17:07:52.749Z",
        "dateUpdated": "2025-04-11T16:38:20.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-4217 (GCVE-0-2021-4217)

    Vulnerability from cvelistv5 – Published: 2022-08-24 15:08 – Updated: 2024-08-03 17:16
    VLAI
    Summary
    A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-476 - - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    n/a unzip Affected: unzip 6.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.487Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044583"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2021-4217"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "unzip",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "unzip 6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 - NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-24T15:08:43.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044583"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2021-4217"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2021-4217",
        "datePublished": "2022-08-24T15:08:43.000Z",
        "dateReserved": "2022-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:16:04.487Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0529 (GCVE-0-2022-0529)

    Vulnerability from cvelistv5 – Published: 2022-02-09 22:05 – Updated: 2025-02-13 16:28
    VLAI
    Summary
    A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
    Severity
    No CVSS data available.
    CWE
    • SEGV
    Assigner
    Impacted products
    Vendor Product Version
    n/a unzip Affected: 6.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.417Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ByteHackr/unzip_poc"
              },
              {
                "name": "DSA-5202",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5202"
              },
              {
                "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202310-17"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "unzip",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SEGV",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-30T10:06:17.856Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ByteHackr/unzip_poc"
            },
            {
              "name": "DSA-5202",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5202"
            },
            {
              "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
            },
            {
              "url": "https://security.gentoo.org/glsa/202310-17"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-0529",
        "datePublished": "2022-02-09T22:05:51.000Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2025-02-13T16:28:48.453Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0530 (GCVE-0-2022-0530)

    Vulnerability from cvelistv5 – Published: 2022-02-09 22:05 – Updated: 2025-02-13 16:28
    VLAI
    Summary
    A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
    Severity
    No CVSS data available.
    CWE
    • SEGV
    Assigner
    Impacted products
    Vendor Product Version
    n/a unzip Affected: 6.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.404Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ByteHackr/unzip_poc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT213257"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT213256"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT213255"
              },
              {
                "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/May/33"
              },
              {
                "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/May/35"
              },
              {
                "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/May/38"
              },
              {
                "name": "DSA-5202",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5202"
              },
              {
                "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202310-17"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "unzip",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SEGV",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-30T10:06:15.675Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ByteHackr/unzip_poc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT213257"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT213256"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT213255"
            },
            {
              "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/May/33"
            },
            {
              "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/May/35"
            },
            {
              "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/May/38"
            },
            {
              "name": "DSA-5202",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5202"
            },
            {
              "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
            },
            {
              "url": "https://security.gentoo.org/glsa/202310-17"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-0530",
        "datePublished": "2022-02-09T22:05:50.000Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2025-02-13T16:28:49.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-8141 (GCVE-0-2014-8141)

    Vulnerability from cvelistv5 – Published: 2020-01-31 22:08 – Updated: 2024-08-06 13:10
    VLAI
    Summary
    Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Info-ZIP UnZip Affected: 6.0 and earlier
    Create a notification for this product.
    Date Public
    2014-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:10:50.905Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2014-011.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2015:0700"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174856"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1031433"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UnZip",
              "vendor": "Info-ZIP",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2014-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-31T22:08:18.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2014-011.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2015:0700"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174856"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securitytracker.com/id/1031433"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-8141",
        "datePublished": "2020-01-31T22:08:18.000Z",
        "dateReserved": "2014-10-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:10:50.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-8140 (GCVE-0-2014-8140)

    Vulnerability from cvelistv5 – Published: 2020-01-31 22:00 – Updated: 2024-08-06 13:10
    VLAI
    Summary
    Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Info-ZIP UnZip Affected: 6.0 and earlier
    Create a notification for this product.
    Date Public
    2014-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:10:50.891Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2014-011.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2015:0700"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174851"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1031433"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UnZip",
              "vendor": "Info-ZIP",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2014-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-31T22:00:32.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2014-011.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2015:0700"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174851"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securitytracker.com/id/1031433"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-8140",
        "datePublished": "2020-01-31T22:00:32.000Z",
        "dateReserved": "2014-10-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:10:50.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-8139 (GCVE-0-2014-8139)

    Vulnerability from cvelistv5 – Published: 2020-01-31 22:00 – Updated: 2024-08-06 13:10
    VLAI
    Summary
    Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Info-ZIP UnZip Affected: 6.0 and earlier
    Create a notification for this product.
    Date Public
    2014-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:10:51.008Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2014-011.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2015:0700"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174844"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1031433"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UnZip",
              "vendor": "Info-ZIP",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2014-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-31T22:00:28.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2014-011.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2015:0700"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174844"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securitytracker.com/id/1031433"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-8139",
        "datePublished": "2020-01-31T22:00:28.000Z",
        "dateReserved": "2014-10-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:10:51.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-13232 (GCVE-0-2019-13232)

    Vulnerability from cvelistv5 – Published: 2019-07-04 12:03 – Updated: 2024-08-04 23:49
    VLAI
    Summary
    Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:49:23.565Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bamsoftware.com/hacks/zipbomb/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/madler/unzip"
              },
              {
                "name": "[debian-lts-announce] 20190707 [SECURITY] [DLA 1846-1] unzip security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html"
              },
              {
                "name": "[debian-lts-announce] 20190728 [SECURITY] [DLA 1846-2] unzip regression update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20190814-0002/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K80311892?utm_source=f5support\u0026amp%3Butm_medium=RSS"
              },
              {
                "name": "GLSA-202003-58",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202003-58"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a \"better zip bomb\" issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-26T19:06:04.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bamsoftware.com/hacks/zipbomb/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/madler/unzip"
            },
            {
              "name": "[debian-lts-announce] 20190707 [SECURITY] [DLA 1846-1] unzip security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html"
            },
            {
              "name": "[debian-lts-announce] 20190728 [SECURITY] [DLA 1846-2] unzip regression update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20190814-0002/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K80311892?utm_source=f5support\u0026amp%3Butm_medium=RSS"
            },
            {
              "name": "GLSA-202003-58",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202003-58"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-13232",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a \"better zip bomb\" issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.bamsoftware.com/hacks/zipbomb/",
                  "refsource": "MISC",
                  "url": "https://www.bamsoftware.com/hacks/zipbomb/"
                },
                {
                  "name": "https://github.com/madler/unzip",
                  "refsource": "MISC",
                  "url": "https://github.com/madler/unzip"
                },
                {
                  "name": "[debian-lts-announce] 20190707 [SECURITY] [DLA 1846-1] unzip security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html"
                },
                {
                  "name": "[debian-lts-announce] 20190728 [SECURITY] [DLA 1846-2] unzip regression update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20190814-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20190814-0002/"
                },
                {
                  "name": "https://support.f5.com/csp/article/K80311892?utm_source=f5support\u0026amp;utm_medium=RSS",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K80311892?utm_source=f5support\u0026amp;utm_medium=RSS"
                },
                {
                  "name": "GLSA-202003-58",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202003-58"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-13232",
        "datePublished": "2019-07-04T12:03:06.000Z",
        "dateReserved": "2019-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:49:23.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18384 (GCVE-0-2018-18384)

    Vulnerability from cvelistv5 – Published: 2018-10-16 15:00 – Updated: 2024-08-05 11:08
    VLAI
    Summary
    Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-10-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:08:21.792Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1110194"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/infozip/bugs/53/"
              },
              {
                "name": "openSUSE-SU-2019:1117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html"
              },
              {
                "name": "RHSA-2019:2159",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2159"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-10-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-06T16:06:27.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1110194"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/p/infozip/bugs/53/"
            },
            {
              "name": "openSUSE-SU-2019:1117",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html"
            },
            {
              "name": "RHSA-2019:2159",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2159"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-18384",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1110194",
                  "refsource": "MISC",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1110194"
                },
                {
                  "name": "https://sourceforge.net/p/infozip/bugs/53/",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/p/infozip/bugs/53/"
                },
                {
                  "name": "openSUSE-SU-2019:1117",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html"
                },
                {
                  "name": "RHSA-2019:2159",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2159"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-18384",
        "datePublished": "2018-10-16T15:00:00.000Z",
        "dateReserved": "2018-10-16T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:08:21.792Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1000035 (GCVE-0-2018-1000035)

    Vulnerability from cvelistv5 – Published: 2018-02-09 23:00 – Updated: 2024-08-05 12:33
    VLAI
    Summary
    A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-02-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:33:48.718Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html"
              },
              {
                "name": "[debian-lts-announce] 20200128 [SECURITY] [DLA 2082-1] unzip security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html"
              },
              {
                "name": "GLSA-202003-58",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202003-58"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2018-02-01T00:00:00.000Z",
          "datePublic": "2018-02-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap-based buffer overflow exists in Info-Zip UnZip version \u003c= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-26T19:06:03.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html"
            },
            {
              "name": "[debian-lts-announce] 20200128 [SECURITY] [DLA 2082-1] unzip security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html"
            },
            {
              "name": "GLSA-202003-58",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202003-58"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2018-02-01 0:00:00",
              "ID": "CVE-2018-1000035",
              "REQUESTER": "research@sec-consult.com",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A heap-based buffer overflow exists in Info-Zip UnZip version \u003c= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html",
                  "refsource": "MISC",
                  "url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html"
                },
                {
                  "name": "[debian-lts-announce] 20200128 [SECURITY] [DLA 2082-1] unzip security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html"
                },
                {
                  "name": "GLSA-202003-58",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202003-58"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-1000035",
        "datePublished": "2018-02-09T23:00:00.000Z",
        "dateReserved": "2018-02-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:33:48.718Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9913 (GCVE-0-2014-9913)

    Vulnerability from cvelistv5 – Published: 2017-01-18 17:00 – Updated: 2024-08-06 14:02
    VLAI
    Summary
    Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-11-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:02:36.717Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "95081",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95081"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
              },
              {
                "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
              },
              {
                "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
              },
              {
                "name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
              },
              {
                "name": "[oss-security] 20141103 unzip -l crasher",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/11/03/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-11-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-19T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "95081",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95081"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
            },
            {
              "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
            },
            {
              "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
            },
            {
              "name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
            },
            {
              "name": "[oss-security] 20141103 unzip -l crasher",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/11/03/5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-9913",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "95081",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95081"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
                },
                {
                  "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
                },
                {
                  "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
                },
                {
                  "name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
                },
                {
                  "name": "[oss-security] 20141103 unzip -l crasher",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/11/03/5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-9913",
        "datePublished": "2017-01-18T17:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T14:02:36.717Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9844 (GCVE-0-2016-9844)

    Vulnerability from cvelistv5 – Published: 2017-01-18 17:00 – Updated: 2024-08-06 02:59
    VLAI
    Summary
    Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-12-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:59:03.461Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "94728",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94728"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
              },
              {
                "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
              },
              {
                "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
              },
              {
                "name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-12-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-19T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "94728",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94728"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
            },
            {
              "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
            },
            {
              "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
            },
            {
              "name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-9844",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "94728",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94728"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
                },
                {
                  "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
                },
                {
                  "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
                },
                {
                  "name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-9844",
        "datePublished": "2017-01-18T17:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:59:03.461Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7697 (GCVE-0-2015-7697)

    Vulnerability from cvelistv5 – Published: 2015-11-06 18:00 – Updated: 2024-08-06 07:58
    VLAI
    Summary
    Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2788-2 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2015/09/07/4 mailing-listx_refsource_MLIST
    http://www.debian.org/security/2015/dsa-3386 vendor-advisoryx_refsource_DEBIAN
    http://www.securitytracker.com/id/1034027 vdb-entryx_refsource_SECTRACK
    http://www.ubuntu.com/usn/USN-2788-1 vendor-advisoryx_refsource_UBUNTU
    http://sourceforge.net/p/infozip/patches/23/ x_refsource_MISC
    http://www.openwall.com/lists/oss-security/2015/09/15/6 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/76863 vdb-entryx_refsource_BID
    http://www.openwall.com/lists/oss-security/2015/10/11/5 mailing-listx_refsource_MLIST
    Date Public
    2015-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:58:59.903Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2788-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2788-2"
              },
              {
                "name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
              },
              {
                "name": "DSA-3386",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3386"
              },
              {
                "name": "1034027",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034027"
              },
              {
                "name": "USN-2788-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2788-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/p/infozip/patches/23/"
              },
              {
                "name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
              },
              {
                "name": "76863",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/76863"
              },
              {
                "name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-05T22:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-2788-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2788-2"
            },
            {
              "name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
            },
            {
              "name": "DSA-3386",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3386"
            },
            {
              "name": "1034027",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034027"
            },
            {
              "name": "USN-2788-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2788-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sourceforge.net/p/infozip/patches/23/"
            },
            {
              "name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
            },
            {
              "name": "76863",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/76863"
            },
            {
              "name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7697",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2788-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2788-2"
                },
                {
                  "name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
                },
                {
                  "name": "DSA-3386",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3386"
                },
                {
                  "name": "1034027",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034027"
                },
                {
                  "name": "USN-2788-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2788-1"
                },
                {
                  "name": "http://sourceforge.net/p/infozip/patches/23/",
                  "refsource": "MISC",
                  "url": "http://sourceforge.net/p/infozip/patches/23/"
                },
                {
                  "name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
                },
                {
                  "name": "76863",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/76863"
                },
                {
                  "name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7697",
        "datePublished": "2015-11-06T18:00:00.000Z",
        "dateReserved": "2015-10-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:58:59.903Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7696 (GCVE-0-2015-7696)

    Vulnerability from cvelistv5 – Published: 2015-11-06 18:00 – Updated: 2024-08-06 07:58
    VLAI
    Summary
    Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2788-2 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2015/09/07/4 mailing-listx_refsource_MLIST
    http://www.debian.org/security/2015/dsa-3386 vendor-advisoryx_refsource_DEBIAN
    http://www.securitytracker.com/id/1034027 vdb-entryx_refsource_SECTRACK
    http://www.ubuntu.com/usn/USN-2788-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2015/09/21/6 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2015/09/15/6 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/76863 vdb-entryx_refsource_BID
    http://www.openwall.com/lists/oss-security/2015/10/11/5 mailing-listx_refsource_MLIST
    Date Public
    2015-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:58:59.891Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2788-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2788-2"
              },
              {
                "name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
              },
              {
                "name": "DSA-3386",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3386"
              },
              {
                "name": "1034027",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034027"
              },
              {
                "name": "USN-2788-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2788-1"
              },
              {
                "name": "[oss-security] 20150921 Re: Heap overflow and DoS in unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/09/21/6"
              },
              {
                "name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
              },
              {
                "name": "76863",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/76863"
              },
              {
                "name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-05T22:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-2788-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2788-2"
            },
            {
              "name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
            },
            {
              "name": "DSA-3386",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3386"
            },
            {
              "name": "1034027",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034027"
            },
            {
              "name": "USN-2788-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2788-1"
            },
            {
              "name": "[oss-security] 20150921 Re: Heap overflow and DoS in unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/09/21/6"
            },
            {
              "name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
            },
            {
              "name": "76863",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/76863"
            },
            {
              "name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7696",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2788-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2788-2"
                },
                {
                  "name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
                },
                {
                  "name": "DSA-3386",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3386"
                },
                {
                  "name": "1034027",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034027"
                },
                {
                  "name": "USN-2788-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2788-1"
                },
                {
                  "name": "[oss-security] 20150921 Re: Heap overflow and DoS in unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/09/21/6"
                },
                {
                  "name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
                },
                {
                  "name": "76863",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/76863"
                },
                {
                  "name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7696",
        "datePublished": "2015-11-06T18:00:00.000Z",
        "dateReserved": "2015-10-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:58:59.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9636 (GCVE-0-2014-9636)

    Vulnerability from cvelistv5 – Published: 2015-02-06 15:00 – Updated: 2024-08-06 13:47
    VLAI
    Summary
    unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://seclists.org/oss-sec/2014/q4/1131 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/62738 third-party-advisoryx_refsource_SECUNIA
    https://security.gentoo.org/glsa/201611-01 vendor-advisoryx_refsource_GENTOO
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/62751 third-party-advisoryx_refsource_SECUNIA
    http://seclists.org/oss-sec/2015/q1/216 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/71825 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-2489-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2015/dsa-3152 vendor-advisoryx_refsource_DEBIAN
    http://seclists.org/oss-sec/2014/q4/489 mailing-listx_refsource_MLIST
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://seclists.org/oss-sec/2014/q4/496 mailing-listx_refsource_MLIST
    http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450 x_refsource_CONFIRM
    Date Public
    2014-11-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:47:41.812Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q4/1131"
              },
              {
                "name": "62738",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/62738"
              },
              {
                "name": "GLSA-201611-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201611-01"
              },
              {
                "name": "FEDORA-2015-1267",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html"
              },
              {
                "name": "62751",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/62751"
              },
              {
                "name": "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2015/q1/216"
              },
              {
                "name": "71825",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/71825"
              },
              {
                "name": "USN-2489-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2489-1"
              },
              {
                "name": "DSA-3152",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3152"
              },
              {
                "name": "[oss-security] 20141102 unzip -t crasher",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q4/489"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
              },
              {
                "name": "FEDORA-2015-1189",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html"
              },
              {
                "name": "[oss-security] 20141103 Re: unzip -t crasher",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q4/496"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7\u0026t=450"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-11-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-30T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q4/1131"
            },
            {
              "name": "62738",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/62738"
            },
            {
              "name": "GLSA-201611-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201611-01"
            },
            {
              "name": "FEDORA-2015-1267",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html"
            },
            {
              "name": "62751",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/62751"
            },
            {
              "name": "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2015/q1/216"
            },
            {
              "name": "71825",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/71825"
            },
            {
              "name": "USN-2489-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2489-1"
            },
            {
              "name": "DSA-3152",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3152"
            },
            {
              "name": "[oss-security] 20141102 unzip -t crasher",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q4/489"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
            },
            {
              "name": "FEDORA-2015-1189",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html"
            },
            {
              "name": "[oss-security] 20141103 Re: unzip -t crasher",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q4/496"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7\u0026t=450"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-9636",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q4/1131"
                },
                {
                  "name": "62738",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/62738"
                },
                {
                  "name": "GLSA-201611-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201611-01"
                },
                {
                  "name": "FEDORA-2015-1267",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html"
                },
                {
                  "name": "62751",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/62751"
                },
                {
                  "name": "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2015/q1/216"
                },
                {
                  "name": "71825",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/71825"
                },
                {
                  "name": "USN-2489-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2489-1"
                },
                {
                  "name": "DSA-3152",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3152"
                },
                {
                  "name": "[oss-security] 20141102 unzip -t crasher",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q4/489"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
                },
                {
                  "name": "FEDORA-2015-1189",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html"
                },
                {
                  "name": "[oss-security] 20141103 Re: unzip -t crasher",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q4/496"
                },
                {
                  "name": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7\u0026t=450",
                  "refsource": "CONFIRM",
                  "url": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7\u0026t=450"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-9636",
        "datePublished": "2015-02-06T15:00:00.000Z",
        "dateReserved": "2015-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:47:41.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36561 (GCVE-0-2020-36561)

    Vulnerability from nvd – Published: 2022-12-27 21:13 – Updated: 2025-04-11 16:38
    VLAI
    Title
    Path traversal in github.com/yi-ge/unzip
    Summary
    Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE 29: Path Traversal: "\..\filename"
    Assigner
    Go
    Impacted products
    Vendor Product Version
    github.com/yi-ge/unzip github.com/yi-ge/unzip Affected: 0 , < 1.0.3-0.20200308084313-2adbaa4891b9 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:30:08.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/yi-ge/unzip/pull/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://snyk.io/research/zip-slip-vulnerability"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pkg.go.dev/vuln/GO-2020-0035"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36561",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-11T16:37:46.487917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-11T16:38:20.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "github.com/yi-ge/unzip",
              "product": "github.com/yi-ge/unzip",
              "programRoutines": [
                {
                  "name": "Unzip.Extract"
                }
              ],
              "vendor": "github.com/yi-ge/unzip",
              "versions": [
                {
                  "lessThan": "1.0.3-0.20200308084313-2adbaa4891b9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE 29: Path Traversal: \"\\..\\filename\"",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T19:03:53.400Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://github.com/yi-ge/unzip/pull/1"
            },
            {
              "url": "https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73"
            },
            {
              "url": "https://snyk.io/research/zip-slip-vulnerability"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2020-0035"
            }
          ],
          "title": "Path traversal in github.com/yi-ge/unzip"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2020-36561",
        "datePublished": "2022-12-27T21:13:22.650Z",
        "dateReserved": "2022-07-29T17:07:52.749Z",
        "dateUpdated": "2025-04-11T16:38:20.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-4217 (GCVE-0-2021-4217)

    Vulnerability from nvd – Published: 2022-08-24 15:08 – Updated: 2024-08-03 17:16
    VLAI
    Summary
    A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-476 - - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    n/a unzip Affected: unzip 6.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.487Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044583"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2021-4217"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "unzip",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "unzip 6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 - NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-24T15:08:43.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044583"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2021-4217"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2021-4217",
        "datePublished": "2022-08-24T15:08:43.000Z",
        "dateReserved": "2022-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:16:04.487Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0530 (GCVE-0-2022-0530)

    Vulnerability from nvd – Published: 2022-02-09 22:05 – Updated: 2025-02-13 16:28
    VLAI
    Summary
    A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
    Severity
    No CVSS data available.
    CWE
    • SEGV
    Assigner
    Impacted products
    Vendor Product Version
    n/a unzip Affected: 6.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.404Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ByteHackr/unzip_poc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT213257"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT213256"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT213255"
              },
              {
                "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/May/33"
              },
              {
                "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/May/35"
              },
              {
                "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/May/38"
              },
              {
                "name": "DSA-5202",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5202"
              },
              {
                "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202310-17"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "unzip",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SEGV",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-30T10:06:15.675Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ByteHackr/unzip_poc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT213257"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT213256"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT213255"
            },
            {
              "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/May/33"
            },
            {
              "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/May/35"
            },
            {
              "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/May/38"
            },
            {
              "name": "DSA-5202",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5202"
            },
            {
              "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
            },
            {
              "url": "https://security.gentoo.org/glsa/202310-17"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-0530",
        "datePublished": "2022-02-09T22:05:50.000Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2025-02-13T16:28:49.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0529 (GCVE-0-2022-0529)

    Vulnerability from nvd – Published: 2022-02-09 22:05 – Updated: 2025-02-13 16:28
    VLAI
    Summary
    A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
    Severity
    No CVSS data available.
    CWE
    • SEGV
    Assigner
    Impacted products
    Vendor Product Version
    n/a unzip Affected: 6.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.417Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ByteHackr/unzip_poc"
              },
              {
                "name": "DSA-5202",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5202"
              },
              {
                "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202310-17"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "unzip",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SEGV",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-30T10:06:17.856Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ByteHackr/unzip_poc"
            },
            {
              "name": "DSA-5202",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5202"
            },
            {
              "name": "[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
            },
            {
              "url": "https://security.gentoo.org/glsa/202310-17"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-0529",
        "datePublished": "2022-02-09T22:05:51.000Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2025-02-13T16:28:48.453Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-8141 (GCVE-0-2014-8141)

    Vulnerability from nvd – Published: 2020-01-31 22:08 – Updated: 2024-08-06 13:10
    VLAI
    Summary
    Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Info-ZIP UnZip Affected: 6.0 and earlier
    Create a notification for this product.
    Date Public
    2014-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:10:50.905Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2014-011.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2015:0700"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174856"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1031433"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UnZip",
              "vendor": "Info-ZIP",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2014-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-31T22:08:18.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2014-011.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2015:0700"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174856"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securitytracker.com/id/1031433"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-8141",
        "datePublished": "2020-01-31T22:08:18.000Z",
        "dateReserved": "2014-10-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:10:50.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-8140 (GCVE-0-2014-8140)

    Vulnerability from nvd – Published: 2020-01-31 22:00 – Updated: 2024-08-06 13:10
    VLAI
    Summary
    Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Info-ZIP UnZip Affected: 6.0 and earlier
    Create a notification for this product.
    Date Public
    2014-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:10:50.891Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2014-011.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2015:0700"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174851"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1031433"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UnZip",
              "vendor": "Info-ZIP",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2014-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-31T22:00:32.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2014-011.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2015:0700"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174851"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securitytracker.com/id/1031433"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-8140",
        "datePublished": "2020-01-31T22:00:32.000Z",
        "dateReserved": "2014-10-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:10:50.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-8139 (GCVE-0-2014-8139)

    Vulnerability from nvd – Published: 2020-01-31 22:00 – Updated: 2024-08-06 13:10
    VLAI
    Summary
    Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Info-ZIP UnZip Affected: 6.0 and earlier
    Create a notification for this product.
    Date Public
    2014-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:10:51.008Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2014-011.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2015:0700"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174844"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1031433"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UnZip",
              "vendor": "Info-ZIP",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2014-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-31T22:00:28.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2014-011.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2015:0700"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174844"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securitytracker.com/id/1031433"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-8139",
        "datePublished": "2020-01-31T22:00:28.000Z",
        "dateReserved": "2014-10-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:10:51.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-13232 (GCVE-0-2019-13232)

    Vulnerability from nvd – Published: 2019-07-04 12:03 – Updated: 2024-08-04 23:49
    VLAI
    Summary
    Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:49:23.565Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bamsoftware.com/hacks/zipbomb/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/madler/unzip"
              },
              {
                "name": "[debian-lts-announce] 20190707 [SECURITY] [DLA 1846-1] unzip security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html"
              },
              {
                "name": "[debian-lts-announce] 20190728 [SECURITY] [DLA 1846-2] unzip regression update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20190814-0002/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K80311892?utm_source=f5support\u0026amp%3Butm_medium=RSS"
              },
              {
                "name": "GLSA-202003-58",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202003-58"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a \"better zip bomb\" issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-26T19:06:04.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bamsoftware.com/hacks/zipbomb/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/madler/unzip"
            },
            {
              "name": "[debian-lts-announce] 20190707 [SECURITY] [DLA 1846-1] unzip security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html"
            },
            {
              "name": "[debian-lts-announce] 20190728 [SECURITY] [DLA 1846-2] unzip regression update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20190814-0002/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K80311892?utm_source=f5support\u0026amp%3Butm_medium=RSS"
            },
            {
              "name": "GLSA-202003-58",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202003-58"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-13232",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a \"better zip bomb\" issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.bamsoftware.com/hacks/zipbomb/",
                  "refsource": "MISC",
                  "url": "https://www.bamsoftware.com/hacks/zipbomb/"
                },
                {
                  "name": "https://github.com/madler/unzip",
                  "refsource": "MISC",
                  "url": "https://github.com/madler/unzip"
                },
                {
                  "name": "[debian-lts-announce] 20190707 [SECURITY] [DLA 1846-1] unzip security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00005.html"
                },
                {
                  "name": "[debian-lts-announce] 20190728 [SECURITY] [DLA 1846-2] unzip regression update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00027.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20190814-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20190814-0002/"
                },
                {
                  "name": "https://support.f5.com/csp/article/K80311892?utm_source=f5support\u0026amp;utm_medium=RSS",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K80311892?utm_source=f5support\u0026amp;utm_medium=RSS"
                },
                {
                  "name": "GLSA-202003-58",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202003-58"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-13232",
        "datePublished": "2019-07-04T12:03:06.000Z",
        "dateReserved": "2019-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:49:23.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18384 (GCVE-0-2018-18384)

    Vulnerability from nvd – Published: 2018-10-16 15:00 – Updated: 2024-08-05 11:08
    VLAI
    Summary
    Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-10-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:08:21.792Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1110194"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/infozip/bugs/53/"
              },
              {
                "name": "openSUSE-SU-2019:1117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html"
              },
              {
                "name": "RHSA-2019:2159",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2159"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-10-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-06T16:06:27.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1110194"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/p/infozip/bugs/53/"
            },
            {
              "name": "openSUSE-SU-2019:1117",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html"
            },
            {
              "name": "RHSA-2019:2159",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2159"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-18384",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1110194",
                  "refsource": "MISC",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1110194"
                },
                {
                  "name": "https://sourceforge.net/p/infozip/bugs/53/",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/p/infozip/bugs/53/"
                },
                {
                  "name": "openSUSE-SU-2019:1117",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html"
                },
                {
                  "name": "RHSA-2019:2159",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2159"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-18384",
        "datePublished": "2018-10-16T15:00:00.000Z",
        "dateReserved": "2018-10-16T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:08:21.792Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1000035 (GCVE-0-2018-1000035)

    Vulnerability from nvd – Published: 2018-02-09 23:00 – Updated: 2024-08-05 12:33
    VLAI
    Summary
    A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-02-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:33:48.718Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html"
              },
              {
                "name": "[debian-lts-announce] 20200128 [SECURITY] [DLA 2082-1] unzip security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html"
              },
              {
                "name": "GLSA-202003-58",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202003-58"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2018-02-01T00:00:00.000Z",
          "datePublic": "2018-02-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap-based buffer overflow exists in Info-Zip UnZip version \u003c= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-26T19:06:03.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html"
            },
            {
              "name": "[debian-lts-announce] 20200128 [SECURITY] [DLA 2082-1] unzip security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html"
            },
            {
              "name": "GLSA-202003-58",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202003-58"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2018-02-01 0:00:00",
              "ID": "CVE-2018-1000035",
              "REQUESTER": "research@sec-consult.com",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A heap-based buffer overflow exists in Info-Zip UnZip version \u003c= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html",
                  "refsource": "MISC",
                  "url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html"
                },
                {
                  "name": "[debian-lts-announce] 20200128 [SECURITY] [DLA 2082-1] unzip security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00026.html"
                },
                {
                  "name": "GLSA-202003-58",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202003-58"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-1000035",
        "datePublished": "2018-02-09T23:00:00.000Z",
        "dateReserved": "2018-02-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:33:48.718Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9844 (GCVE-0-2016-9844)

    Vulnerability from nvd – Published: 2017-01-18 17:00 – Updated: 2024-08-06 02:59
    VLAI
    Summary
    Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-12-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:59:03.461Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "94728",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94728"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
              },
              {
                "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
              },
              {
                "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
              },
              {
                "name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-12-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-19T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "94728",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94728"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
            },
            {
              "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
            },
            {
              "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
            },
            {
              "name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-9844",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "94728",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94728"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
                },
                {
                  "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
                },
                {
                  "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
                },
                {
                  "name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-9844",
        "datePublished": "2017-01-18T17:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:59:03.461Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9913 (GCVE-0-2014-9913)

    Vulnerability from nvd – Published: 2017-01-18 17:00 – Updated: 2024-08-06 14:02
    VLAI
    Summary
    Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-11-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:02:36.717Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "95081",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95081"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
              },
              {
                "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
              },
              {
                "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
              },
              {
                "name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
              },
              {
                "name": "[oss-security] 20141103 unzip -l crasher",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/11/03/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-11-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-19T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "95081",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95081"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
            },
            {
              "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
            },
            {
              "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
            },
            {
              "name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
            },
            {
              "name": "[oss-security] 20141103 unzip -l crasher",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/11/03/5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-9913",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "95081",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95081"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750"
                },
                {
                  "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/12/05/19"
                },
                {
                  "name": "[oss-security] 20161205 CVE Request: Info-Zip zipinfo buffer overflow",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/12/05/13"
                },
                {
                  "name": "[oss-security] 20161205 Re: CVE Request: Info-Zip zipinfo buffer overflow",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/12/05/20"
                },
                {
                  "name": "[oss-security] 20141103 unzip -l crasher",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/11/03/5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-9913",
        "datePublished": "2017-01-18T17:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T14:02:36.717Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7697 (GCVE-0-2015-7697)

    Vulnerability from nvd – Published: 2015-11-06 18:00 – Updated: 2024-08-06 07:58
    VLAI
    Summary
    Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2788-2 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2015/09/07/4 mailing-listx_refsource_MLIST
    http://www.debian.org/security/2015/dsa-3386 vendor-advisoryx_refsource_DEBIAN
    http://www.securitytracker.com/id/1034027 vdb-entryx_refsource_SECTRACK
    http://www.ubuntu.com/usn/USN-2788-1 vendor-advisoryx_refsource_UBUNTU
    http://sourceforge.net/p/infozip/patches/23/ x_refsource_MISC
    http://www.openwall.com/lists/oss-security/2015/09/15/6 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/76863 vdb-entryx_refsource_BID
    http://www.openwall.com/lists/oss-security/2015/10/11/5 mailing-listx_refsource_MLIST
    Date Public
    2015-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:58:59.903Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2788-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2788-2"
              },
              {
                "name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
              },
              {
                "name": "DSA-3386",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3386"
              },
              {
                "name": "1034027",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034027"
              },
              {
                "name": "USN-2788-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2788-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/p/infozip/patches/23/"
              },
              {
                "name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
              },
              {
                "name": "76863",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/76863"
              },
              {
                "name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-05T22:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-2788-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2788-2"
            },
            {
              "name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
            },
            {
              "name": "DSA-3386",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3386"
            },
            {
              "name": "1034027",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034027"
            },
            {
              "name": "USN-2788-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2788-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sourceforge.net/p/infozip/patches/23/"
            },
            {
              "name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
            },
            {
              "name": "76863",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/76863"
            },
            {
              "name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7697",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2788-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2788-2"
                },
                {
                  "name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
                },
                {
                  "name": "DSA-3386",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3386"
                },
                {
                  "name": "1034027",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034027"
                },
                {
                  "name": "USN-2788-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2788-1"
                },
                {
                  "name": "http://sourceforge.net/p/infozip/patches/23/",
                  "refsource": "MISC",
                  "url": "http://sourceforge.net/p/infozip/patches/23/"
                },
                {
                  "name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
                },
                {
                  "name": "76863",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/76863"
                },
                {
                  "name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7697",
        "datePublished": "2015-11-06T18:00:00.000Z",
        "dateReserved": "2015-10-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:58:59.903Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7696 (GCVE-0-2015-7696)

    Vulnerability from nvd – Published: 2015-11-06 18:00 – Updated: 2024-08-06 07:58
    VLAI
    Summary
    Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2788-2 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2015/09/07/4 mailing-listx_refsource_MLIST
    http://www.debian.org/security/2015/dsa-3386 vendor-advisoryx_refsource_DEBIAN
    http://www.securitytracker.com/id/1034027 vdb-entryx_refsource_SECTRACK
    http://www.ubuntu.com/usn/USN-2788-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2015/09/21/6 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2015/09/15/6 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/76863 vdb-entryx_refsource_BID
    http://www.openwall.com/lists/oss-security/2015/10/11/5 mailing-listx_refsource_MLIST
    Date Public
    2015-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:58:59.891Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2788-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2788-2"
              },
              {
                "name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
              },
              {
                "name": "DSA-3386",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3386"
              },
              {
                "name": "1034027",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034027"
              },
              {
                "name": "USN-2788-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2788-1"
              },
              {
                "name": "[oss-security] 20150921 Re: Heap overflow and DoS in unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/09/21/6"
              },
              {
                "name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
              },
              {
                "name": "76863",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/76863"
              },
              {
                "name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-05T22:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-2788-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2788-2"
            },
            {
              "name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
            },
            {
              "name": "DSA-3386",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3386"
            },
            {
              "name": "1034027",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034027"
            },
            {
              "name": "USN-2788-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2788-1"
            },
            {
              "name": "[oss-security] 20150921 Re: Heap overflow and DoS in unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/09/21/6"
            },
            {
              "name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
            },
            {
              "name": "76863",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/76863"
            },
            {
              "name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7696",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2788-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2788-2"
                },
                {
                  "name": "[oss-security] 20150907 Heap overflow and DoS in unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/09/07/4"
                },
                {
                  "name": "DSA-3386",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3386"
                },
                {
                  "name": "1034027",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034027"
                },
                {
                  "name": "USN-2788-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2788-1"
                },
                {
                  "name": "[oss-security] 20150921 Re: Heap overflow and DoS in unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/09/21/6"
                },
                {
                  "name": "[oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/09/15/6"
                },
                {
                  "name": "76863",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/76863"
                },
                {
                  "name": "[oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/10/11/5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7696",
        "datePublished": "2015-11-06T18:00:00.000Z",
        "dateReserved": "2015-10-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:58:59.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9636 (GCVE-0-2014-9636)

    Vulnerability from nvd – Published: 2015-02-06 15:00 – Updated: 2024-08-06 13:47
    VLAI
    Summary
    unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://seclists.org/oss-sec/2014/q4/1131 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/62738 third-party-advisoryx_refsource_SECUNIA
    https://security.gentoo.org/glsa/201611-01 vendor-advisoryx_refsource_GENTOO
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/62751 third-party-advisoryx_refsource_SECUNIA
    http://seclists.org/oss-sec/2015/q1/216 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/71825 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-2489-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2015/dsa-3152 vendor-advisoryx_refsource_DEBIAN
    http://seclists.org/oss-sec/2014/q4/489 mailing-listx_refsource_MLIST
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://seclists.org/oss-sec/2014/q4/496 mailing-listx_refsource_MLIST
    http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450 x_refsource_CONFIRM
    Date Public
    2014-11-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:47:41.812Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q4/1131"
              },
              {
                "name": "62738",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/62738"
              },
              {
                "name": "GLSA-201611-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201611-01"
              },
              {
                "name": "FEDORA-2015-1267",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html"
              },
              {
                "name": "62751",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/62751"
              },
              {
                "name": "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2015/q1/216"
              },
              {
                "name": "71825",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/71825"
              },
              {
                "name": "USN-2489-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2489-1"
              },
              {
                "name": "DSA-3152",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3152"
              },
              {
                "name": "[oss-security] 20141102 unzip -t crasher",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q4/489"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
              },
              {
                "name": "FEDORA-2015-1189",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html"
              },
              {
                "name": "[oss-security] 20141103 Re: unzip -t crasher",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q4/496"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7\u0026t=450"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-11-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-30T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q4/1131"
            },
            {
              "name": "62738",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/62738"
            },
            {
              "name": "GLSA-201611-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201611-01"
            },
            {
              "name": "FEDORA-2015-1267",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html"
            },
            {
              "name": "62751",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/62751"
            },
            {
              "name": "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2015/q1/216"
            },
            {
              "name": "71825",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/71825"
            },
            {
              "name": "USN-2489-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2489-1"
            },
            {
              "name": "DSA-3152",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3152"
            },
            {
              "name": "[oss-security] 20141102 unzip -t crasher",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q4/489"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
            },
            {
              "name": "FEDORA-2015-1189",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html"
            },
            {
              "name": "[oss-security] 20141103 Re: unzip -t crasher",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q4/496"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7\u0026t=450"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-9636",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20141222 Re: CVE Request: Info-ZIP unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q4/1131"
                },
                {
                  "name": "62738",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/62738"
                },
                {
                  "name": "GLSA-201611-01",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201611-01"
                },
                {
                  "name": "FEDORA-2015-1267",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html"
                },
                {
                  "name": "62751",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/62751"
                },
                {
                  "name": "[oss-security] 20141222 CVE Request: Info-ZIP unzip 6.0",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2015/q1/216"
                },
                {
                  "name": "71825",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/71825"
                },
                {
                  "name": "USN-2489-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2489-1"
                },
                {
                  "name": "DSA-3152",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3152"
                },
                {
                  "name": "[oss-security] 20141102 unzip -t crasher",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q4/489"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
                },
                {
                  "name": "FEDORA-2015-1189",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html"
                },
                {
                  "name": "[oss-security] 20141103 Re: unzip -t crasher",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q4/496"
                },
                {
                  "name": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7\u0026t=450",
                  "refsource": "CONFIRM",
                  "url": "http://www.info-zip.org/phpBB3/viewtopic.php?f=7\u0026t=450"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-9636",
        "datePublished": "2015-02-06T15:00:00.000Z",
        "dateReserved": "2015-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:47:41.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }