csaf_redhat - rhsa-2004:634

RHSA-2004:634

Vulnerability from csaf_redhat - Published: 2004-12-16 20:49 - Updated: 2025-11-21 17:27

Summary

Red Hat Security Advisory: zip security update

Notes

Topic

An updated zip package that fixes a buffer overflow vulnerability is now available.

Details

The zip program is an archiving utility which can create ZIP-compatible archives. A buffer overflow bug has been discovered in zip when handling long file names. An attacker could create a specially crafted path which could cause zip to crash or execute arbitrary instructions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1010 to this issue. Users of zip should upgrade to this updated package, which contains backported patches and is not vulnerable to this issue.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated zip package that fixes a buffer overflow vulnerability is now\navailable.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The zip program is an archiving utility which can create ZIP-compatible\narchives.\n\nA buffer overflow bug has been discovered in zip when handling long file\nnames.  An attacker could create a specially crafted path which could\ncause zip to crash or execute arbitrary instructions.  The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-1010 to this issue.\n\nUsers of zip should upgrade to this updated package, which contains\nbackported patches and is not vulnerable to this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:634",
        "url": "https://access.redhat.com/errata/RHSA-2004:634"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "http://lists.netsys.com/pipermail/full-disclosure/2004-November/028379.html",
        "url": "http://lists.netsys.com/pipermail/full-disclosure/2004-November/028379.html"
      },
      {
        "category": "external",
        "summary": "138228",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=138228"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_634.json"
      }
    ],
    "title": "Red Hat Security Advisory: zip security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:27:58+00:00",
      "generator": {
        "date": "2025-11-21T17:27:58+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2004:634",
      "initial_release_date": "2004-12-16T20:49:00+00:00",
      "revision_history": [
        {
          "date": "2004-12-16T20:49:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-12-16T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:27:58+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3",
                  "product_id": "3AS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3",
                "product": {
                  "name": "Red Hat Desktop version 3",
                  "product_id": "3Desktop",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3",
                  "product_id": "3ES",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3",
                  "product_id": "3WS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "zip-debuginfo-0:2.3-16.1.ia64",
                "product": {
                  "name": "zip-debuginfo-0:2.3-16.1.ia64",
                  "product_id": "zip-debuginfo-0:2.3-16.1.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/zip-debuginfo@2.3-16.1?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "zip-0:2.3-16.1.ia64",
                "product": {
                  "name": "zip-0:2.3-16.1.ia64",
                  "product_id": "zip-0:2.3-16.1.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/zip@2.3-16.1?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "zip-debuginfo-0:2.3-16.1.x86_64",
                "product": {
                  "name": "zip-debuginfo-0:2.3-16.1.x86_64",
                  "product_id": "zip-debuginfo-0:2.3-16.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/zip-debuginfo@2.3-16.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "zip-0:2.3-16.1.x86_64",
                "product": {
                  "name": "zip-0:2.3-16.1.x86_64",
                  "product_id": "zip-0:2.3-16.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/zip@2.3-16.1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "zip-debuginfo-0:2.3-16.1.i386",
                "product": {
                  "name": "zip-debuginfo-0:2.3-16.1.i386",
                  "product_id": "zip-debuginfo-0:2.3-16.1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/zip-debuginfo@2.3-16.1?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "zip-0:2.3-16.1.i386",
                "product": {
                  "name": "zip-0:2.3-16.1.i386",
                  "product_id": "zip-0:2.3-16.1.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/zip@2.3-16.1?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "zip-0:2.3-16.1.src",
                "product": {
                  "name": "zip-0:2.3-16.1.src",
                  "product_id": "zip-0:2.3-16.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/zip@2.3-16.1?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "zip-debuginfo-0:2.3-16.1.ppc",
                "product": {
                  "name": "zip-debuginfo-0:2.3-16.1.ppc",
                  "product_id": "zip-debuginfo-0:2.3-16.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/zip-debuginfo@2.3-16.1?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "zip-0:2.3-16.1.ppc",
                "product": {
                  "name": "zip-0:2.3-16.1.ppc",
                  "product_id": "zip-0:2.3-16.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/zip@2.3-16.1?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "zip-debuginfo-0:2.3-16.1.s390x",
                "product": {
                  "name": "zip-debuginfo-0:2.3-16.1.s390x",
                  "product_id": "zip-debuginfo-0:2.3-16.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/zip-debuginfo@2.3-16.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "zip-0:2.3-16.1.s390x",
                "product": {
                  "name": "zip-0:2.3-16.1.s390x",
                  "product_id": "zip-0:2.3-16.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/zip@2.3-16.1?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "zip-debuginfo-0:2.3-16.1.s390",
                "product": {
                  "name": "zip-debuginfo-0:2.3-16.1.s390",
                  "product_id": "zip-debuginfo-0:2.3-16.1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/zip-debuginfo@2.3-16.1?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "zip-0:2.3-16.1.s390",
                "product": {
                  "name": "zip-0:2.3-16.1.s390",
                  "product_id": "zip-0:2.3-16.1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/zip@2.3-16.1?arch=s390"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.i386 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:zip-0:2.3-16.1.i386"
        },
        "product_reference": "zip-0:2.3-16.1.i386",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.ia64 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:zip-0:2.3-16.1.ia64"
        },
        "product_reference": "zip-0:2.3-16.1.ia64",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.ppc as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:zip-0:2.3-16.1.ppc"
        },
        "product_reference": "zip-0:2.3-16.1.ppc",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.s390 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:zip-0:2.3-16.1.s390"
        },
        "product_reference": "zip-0:2.3-16.1.s390",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.s390x as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:zip-0:2.3-16.1.s390x"
        },
        "product_reference": "zip-0:2.3-16.1.s390x",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.src as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:zip-0:2.3-16.1.src"
        },
        "product_reference": "zip-0:2.3-16.1.src",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:zip-0:2.3-16.1.x86_64"
        },
        "product_reference": "zip-0:2.3-16.1.x86_64",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.i386 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:zip-debuginfo-0:2.3-16.1.i386"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.i386",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.ia64 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:zip-debuginfo-0:2.3-16.1.ia64"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.ia64",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.ppc as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:zip-debuginfo-0:2.3-16.1.ppc"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.ppc",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.s390 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:zip-debuginfo-0:2.3-16.1.s390"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.s390",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.s390x as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:zip-debuginfo-0:2.3-16.1.s390x"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.s390x",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:zip-debuginfo-0:2.3-16.1.x86_64"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.x86_64",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.i386 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:zip-0:2.3-16.1.i386"
        },
        "product_reference": "zip-0:2.3-16.1.i386",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.ia64 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:zip-0:2.3-16.1.ia64"
        },
        "product_reference": "zip-0:2.3-16.1.ia64",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.ppc as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:zip-0:2.3-16.1.ppc"
        },
        "product_reference": "zip-0:2.3-16.1.ppc",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.s390 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:zip-0:2.3-16.1.s390"
        },
        "product_reference": "zip-0:2.3-16.1.s390",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.s390x as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:zip-0:2.3-16.1.s390x"
        },
        "product_reference": "zip-0:2.3-16.1.s390x",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.src as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:zip-0:2.3-16.1.src"
        },
        "product_reference": "zip-0:2.3-16.1.src",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.x86_64 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:zip-0:2.3-16.1.x86_64"
        },
        "product_reference": "zip-0:2.3-16.1.x86_64",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.i386 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:zip-debuginfo-0:2.3-16.1.i386"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.i386",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.ia64 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:zip-debuginfo-0:2.3-16.1.ia64"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.ia64",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.ppc as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:zip-debuginfo-0:2.3-16.1.ppc"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.ppc",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.s390 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:zip-debuginfo-0:2.3-16.1.s390"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.s390",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.s390x as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:zip-debuginfo-0:2.3-16.1.s390x"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.s390x",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.x86_64 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:zip-debuginfo-0:2.3-16.1.x86_64"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.x86_64",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.i386 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:zip-0:2.3-16.1.i386"
        },
        "product_reference": "zip-0:2.3-16.1.i386",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.ia64 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:zip-0:2.3-16.1.ia64"
        },
        "product_reference": "zip-0:2.3-16.1.ia64",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.ppc as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:zip-0:2.3-16.1.ppc"
        },
        "product_reference": "zip-0:2.3-16.1.ppc",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.s390 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:zip-0:2.3-16.1.s390"
        },
        "product_reference": "zip-0:2.3-16.1.s390",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.s390x as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:zip-0:2.3-16.1.s390x"
        },
        "product_reference": "zip-0:2.3-16.1.s390x",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.src as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:zip-0:2.3-16.1.src"
        },
        "product_reference": "zip-0:2.3-16.1.src",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:zip-0:2.3-16.1.x86_64"
        },
        "product_reference": "zip-0:2.3-16.1.x86_64",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.i386 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:zip-debuginfo-0:2.3-16.1.i386"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.i386",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.ia64 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:zip-debuginfo-0:2.3-16.1.ia64"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.ia64",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.ppc as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:zip-debuginfo-0:2.3-16.1.ppc"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.ppc",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.s390 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:zip-debuginfo-0:2.3-16.1.s390"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.s390",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.s390x as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:zip-debuginfo-0:2.3-16.1.s390x"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.s390x",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:zip-debuginfo-0:2.3-16.1.x86_64"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.x86_64",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.i386 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:zip-0:2.3-16.1.i386"
        },
        "product_reference": "zip-0:2.3-16.1.i386",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.ia64 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:zip-0:2.3-16.1.ia64"
        },
        "product_reference": "zip-0:2.3-16.1.ia64",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.ppc as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:zip-0:2.3-16.1.ppc"
        },
        "product_reference": "zip-0:2.3-16.1.ppc",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.s390 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:zip-0:2.3-16.1.s390"
        },
        "product_reference": "zip-0:2.3-16.1.s390",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.s390x as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:zip-0:2.3-16.1.s390x"
        },
        "product_reference": "zip-0:2.3-16.1.s390x",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.src as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:zip-0:2.3-16.1.src"
        },
        "product_reference": "zip-0:2.3-16.1.src",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-0:2.3-16.1.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:zip-0:2.3-16.1.x86_64"
        },
        "product_reference": "zip-0:2.3-16.1.x86_64",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.i386 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:zip-debuginfo-0:2.3-16.1.i386"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.i386",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.ia64 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:zip-debuginfo-0:2.3-16.1.ia64"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.ia64",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.ppc as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:zip-debuginfo-0:2.3-16.1.ppc"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.ppc",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.s390 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:zip-debuginfo-0:2.3-16.1.s390"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.s390",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.s390x as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:zip-debuginfo-0:2.3-16.1.s390x"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.s390x",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zip-debuginfo-0:2.3-16.1.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:zip-debuginfo-0:2.3-16.1.x86_64"
        },
        "product_reference": "zip-debuginfo-0:2.3-16.1.x86_64",
        "relates_to_product_reference": "3WS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2004-1010",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617348"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS:zip-0:2.3-16.1.i386",
          "3AS:zip-0:2.3-16.1.ia64",
          "3AS:zip-0:2.3-16.1.ppc",
          "3AS:zip-0:2.3-16.1.s390",
          "3AS:zip-0:2.3-16.1.s390x",
          "3AS:zip-0:2.3-16.1.src",
          "3AS:zip-0:2.3-16.1.x86_64",
          "3AS:zip-debuginfo-0:2.3-16.1.i386",
          "3AS:zip-debuginfo-0:2.3-16.1.ia64",
          "3AS:zip-debuginfo-0:2.3-16.1.ppc",
          "3AS:zip-debuginfo-0:2.3-16.1.s390",
          "3AS:zip-debuginfo-0:2.3-16.1.s390x",
          "3AS:zip-debuginfo-0:2.3-16.1.x86_64",
          "3Desktop:zip-0:2.3-16.1.i386",
          "3Desktop:zip-0:2.3-16.1.ia64",
          "3Desktop:zip-0:2.3-16.1.ppc",
          "3Desktop:zip-0:2.3-16.1.s390",
          "3Desktop:zip-0:2.3-16.1.s390x",
          "3Desktop:zip-0:2.3-16.1.src",
          "3Desktop:zip-0:2.3-16.1.x86_64",
          "3Desktop:zip-debuginfo-0:2.3-16.1.i386",
          "3Desktop:zip-debuginfo-0:2.3-16.1.ia64",
          "3Desktop:zip-debuginfo-0:2.3-16.1.ppc",
          "3Desktop:zip-debuginfo-0:2.3-16.1.s390",
          "3Desktop:zip-debuginfo-0:2.3-16.1.s390x",
          "3Desktop:zip-debuginfo-0:2.3-16.1.x86_64",
          "3ES:zip-0:2.3-16.1.i386",
          "3ES:zip-0:2.3-16.1.ia64",
          "3ES:zip-0:2.3-16.1.ppc",
          "3ES:zip-0:2.3-16.1.s390",
          "3ES:zip-0:2.3-16.1.s390x",
          "3ES:zip-0:2.3-16.1.src",
          "3ES:zip-0:2.3-16.1.x86_64",
          "3ES:zip-debuginfo-0:2.3-16.1.i386",
          "3ES:zip-debuginfo-0:2.3-16.1.ia64",
          "3ES:zip-debuginfo-0:2.3-16.1.ppc",
          "3ES:zip-debuginfo-0:2.3-16.1.s390",
          "3ES:zip-debuginfo-0:2.3-16.1.s390x",
          "3ES:zip-debuginfo-0:2.3-16.1.x86_64",
          "3WS:zip-0:2.3-16.1.i386",
          "3WS:zip-0:2.3-16.1.ia64",
          "3WS:zip-0:2.3-16.1.ppc",
          "3WS:zip-0:2.3-16.1.s390",
          "3WS:zip-0:2.3-16.1.s390x",
          "3WS:zip-0:2.3-16.1.src",
          "3WS:zip-0:2.3-16.1.x86_64",
          "3WS:zip-debuginfo-0:2.3-16.1.i386",
          "3WS:zip-debuginfo-0:2.3-16.1.ia64",
          "3WS:zip-debuginfo-0:2.3-16.1.ppc",
          "3WS:zip-debuginfo-0:2.3-16.1.s390",
          "3WS:zip-debuginfo-0:2.3-16.1.s390x",
          "3WS:zip-debuginfo-0:2.3-16.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-1010"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617348",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617348"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-1010",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-1010"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-1010",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1010"
        }
      ],
      "release_date": "2004-11-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-12-16T20:49:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "3AS:zip-0:2.3-16.1.i386",
            "3AS:zip-0:2.3-16.1.ia64",
            "3AS:zip-0:2.3-16.1.ppc",
            "3AS:zip-0:2.3-16.1.s390",
            "3AS:zip-0:2.3-16.1.s390x",
            "3AS:zip-0:2.3-16.1.src",
            "3AS:zip-0:2.3-16.1.x86_64",
            "3AS:zip-debuginfo-0:2.3-16.1.i386",
            "3AS:zip-debuginfo-0:2.3-16.1.ia64",
            "3AS:zip-debuginfo-0:2.3-16.1.ppc",
            "3AS:zip-debuginfo-0:2.3-16.1.s390",
            "3AS:zip-debuginfo-0:2.3-16.1.s390x",
            "3AS:zip-debuginfo-0:2.3-16.1.x86_64",
            "3Desktop:zip-0:2.3-16.1.i386",
            "3Desktop:zip-0:2.3-16.1.ia64",
            "3Desktop:zip-0:2.3-16.1.ppc",
            "3Desktop:zip-0:2.3-16.1.s390",
            "3Desktop:zip-0:2.3-16.1.s390x",
            "3Desktop:zip-0:2.3-16.1.src",
            "3Desktop:zip-0:2.3-16.1.x86_64",
            "3Desktop:zip-debuginfo-0:2.3-16.1.i386",
            "3Desktop:zip-debuginfo-0:2.3-16.1.ia64",
            "3Desktop:zip-debuginfo-0:2.3-16.1.ppc",
            "3Desktop:zip-debuginfo-0:2.3-16.1.s390",
            "3Desktop:zip-debuginfo-0:2.3-16.1.s390x",
            "3Desktop:zip-debuginfo-0:2.3-16.1.x86_64",
            "3ES:zip-0:2.3-16.1.i386",
            "3ES:zip-0:2.3-16.1.ia64",
            "3ES:zip-0:2.3-16.1.ppc",
            "3ES:zip-0:2.3-16.1.s390",
            "3ES:zip-0:2.3-16.1.s390x",
            "3ES:zip-0:2.3-16.1.src",
            "3ES:zip-0:2.3-16.1.x86_64",
            "3ES:zip-debuginfo-0:2.3-16.1.i386",
            "3ES:zip-debuginfo-0:2.3-16.1.ia64",
            "3ES:zip-debuginfo-0:2.3-16.1.ppc",
            "3ES:zip-debuginfo-0:2.3-16.1.s390",
            "3ES:zip-debuginfo-0:2.3-16.1.s390x",
            "3ES:zip-debuginfo-0:2.3-16.1.x86_64",
            "3WS:zip-0:2.3-16.1.i386",
            "3WS:zip-0:2.3-16.1.ia64",
            "3WS:zip-0:2.3-16.1.ppc",
            "3WS:zip-0:2.3-16.1.s390",
            "3WS:zip-0:2.3-16.1.s390x",
            "3WS:zip-0:2.3-16.1.src",
            "3WS:zip-0:2.3-16.1.x86_64",
            "3WS:zip-debuginfo-0:2.3-16.1.i386",
            "3WS:zip-debuginfo-0:2.3-16.1.ia64",
            "3WS:zip-debuginfo-0:2.3-16.1.ppc",
            "3WS:zip-debuginfo-0:2.3-16.1.s390",
            "3WS:zip-debuginfo-0:2.3-16.1.s390x",
            "3WS:zip-debuginfo-0:2.3-16.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:634"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

CVE-2004-1010 (GCVE-0-2004-1010)

Vulnerability from cvelistv5 – Published: 2004-11-09 05:00 – Updated: 2024-08-08 00:39

Summary

Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/11603	vdb-entryx_refsource_BID
	http://www.ciac.org/ciac/bulletins/p-072.shtml	third-party-advisorygovernment-resourcex_refsource_CIAC
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.info-zip.org/FAQ.html	x_refsource_CONFIRM
	http://www.hexview.com/docs/20041103-1.txt	x_refsource_MISC
	https://bugzilla.fedora.us/show_bug.cgi?id=2255	vendor-advisoryx_refsource_FEDORA
	http://www.turbolinux.com/security/2005/TLSA-2005…	vendor-advisoryx_refsource_TURBO
	http://www.debian.org/security/2005/dsa-624	vendor-advisoryx_refsource_DEBIAN
	http://security.gentoo.org/glsa/glsa-200411-16.xml	vendor-advisoryx_refsource_GENTOO
	http://www.redhat.com/support/errata/RHSA-2004-634.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/13094/	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRAKE
	https://usn.ubuntu.com/18-1/	vendor-advisoryx_refsource_UBUNTU
	http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
	http://marc.info/?l=bugtraq&m=109958840611053&w=2	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:39:00.516Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "11603",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11603"
          },
          {
            "name": "P-072",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/p-072.shtml"
          },
          {
            "name": "oval:org.mitre.oval:def:9848",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9848"
          },
          {
            "name": "infozip-compressed-folder-bo(17956)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17956"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.info-zip.org/FAQ.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.hexview.com/docs/20041103-1.txt"
          },
          {
            "name": "FLSA:2255",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2255"
          },
          {
            "name": "TLSA-2005-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_TURBO",
              "x_transferred"
            ],
            "url": "http://www.turbolinux.com/security/2005/TLSA-2005-18.txt"
          },
          {
            "name": "DSA-624",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-624"
          },
          {
            "name": "GLSA-200411-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200411-16.xml"
          },
          {
            "name": "RHSA-2004:634",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-634.html"
          },
          {
            "name": "13094",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13094/"
          },
          {
            "name": "MDKSA-2004:141",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:141"
          },
          {
            "name": "USN-18-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/18-1/"
          },
          {
            "name": "20041103 [HV-MED] Zip/Linux long path buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028379.html"
          },
          {
            "name": "20041103 [HV-MED] Zip/Linux long path buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=109958840611053\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "11603",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11603"
        },
        {
          "name": "P-072",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/p-072.shtml"
        },
        {
          "name": "oval:org.mitre.oval:def:9848",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9848"
        },
        {
          "name": "infozip-compressed-folder-bo(17956)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17956"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.info-zip.org/FAQ.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.hexview.com/docs/20041103-1.txt"
        },
        {
          "name": "FLSA:2255",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2255"
        },
        {
          "name": "TLSA-2005-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_TURBO"
          ],
          "url": "http://www.turbolinux.com/security/2005/TLSA-2005-18.txt"
        },
        {
          "name": "DSA-624",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-624"
        },
        {
          "name": "GLSA-200411-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200411-16.xml"
        },
        {
          "name": "RHSA-2004:634",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-634.html"
        },
        {
          "name": "13094",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13094/"
        },
        {
          "name": "MDKSA-2004:141",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:141"
        },
        {
          "name": "USN-18-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/18-1/"
        },
        {
          "name": "20041103 [HV-MED] Zip/Linux long path buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028379.html"
        },
        {
          "name": "20041103 [HV-MED] Zip/Linux long path buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=109958840611053\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1010",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "11603",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11603"
            },
            {
              "name": "P-072",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/p-072.shtml"
            },
            {
              "name": "oval:org.mitre.oval:def:9848",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9848"
            },
            {
              "name": "infozip-compressed-folder-bo(17956)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17956"
            },
            {
              "name": "http://www.info-zip.org/FAQ.html",
              "refsource": "CONFIRM",
              "url": "http://www.info-zip.org/FAQ.html"
            },
            {
              "name": "http://www.hexview.com/docs/20041103-1.txt",
              "refsource": "MISC",
              "url": "http://www.hexview.com/docs/20041103-1.txt"
            },
            {
              "name": "FLSA:2255",
              "refsource": "FEDORA",
              "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2255"
            },
            {
              "name": "TLSA-2005-18",
              "refsource": "TURBO",
              "url": "http://www.turbolinux.com/security/2005/TLSA-2005-18.txt"
            },
            {
              "name": "DSA-624",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-624"
            },
            {
              "name": "GLSA-200411-16",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200411-16.xml"
            },
            {
              "name": "RHSA-2004:634",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-634.html"
            },
            {
              "name": "13094",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13094/"
            },
            {
              "name": "MDKSA-2004:141",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:141"
            },
            {
              "name": "USN-18-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/18-1/"
            },
            {
              "name": "20041103 [HV-MED] Zip/Linux long path buffer overflow",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028379.html"
            },
            {
              "name": "20041103 [HV-MED] Zip/Linux long path buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=109958840611053\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1010",
    "datePublished": "2004-11-09T05:00:00",
    "dateReserved": "2004-11-04T00:00:00",
    "dateUpdated": "2024-08-08T00:39:00.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2004:634

CVE-2004-1010 (GCVE-0-2004-1010)

Tags

Sightings

Nomenclature