Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS2-2021-1604
HistoryFeb 17, 2021 - 6:14 p.m.

Important: unzip

2021-02-1718:14:00
alas.aws.amazon.com
12

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

92.3%

JSON

Issue Overview:

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. (CVE-2015-7697)

Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. (CVE-2016-9844)

A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. (CVE-2018-1000035)

Affected Packages:

unzip

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update unzip to update your system.

New Packages:

aarch64:  
    unzip-6.0-43.amzn2.aarch64  
    unzip-debuginfo-6.0-43.amzn2.aarch64  
  
i686:  
    unzip-6.0-43.amzn2.i686  
    unzip-debuginfo-6.0-43.amzn2.i686  
  
src:  
    unzip-6.0-43.amzn2.src  
  
x86_64:  
    unzip-6.0-43.amzn2.x86_64  
    unzip-debuginfo-6.0-43.amzn2.x86_64

Additional References

Red Hat: CVE-2015-7697, CVE-2016-9844, CVE-2018-1000035

Mitre: CVE-2015-7697, CVE-2016-9844, CVE-2018-1000035

Related

nessus 39
rosalinux 1
openvas 27
ibm 1
suse 2
cbl_mariner 9
cve 3
debiancve 3
osv 7
ubuntu 3
fedora 3
photon 10
cloudfoundry 2
checkpoint_advisories 1
prion 3
ubuntucve 3
alpinelinux 3
veracode 2
debian 5
redhatcve 2
slackware 1
securityvulns 2
freebsd 1
gentoo 1
archlinux 1
mageia 2
packetstorm 1
nessus
nessus
Amazon Linux 2 : unzip (ALAS-2021-1604)
2021-02-19 00:00:00
EulerOS 2.0 SP2 : unzip (EulerOS-SA-2019-2429)
2019-12-04 00:00:00
openSUSE Security Update : unzip (openSUSE-2018-1124)
2018-10-09 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1991
2021-07-02 18:18:35
openvas
openvas
Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2019-2429)
2020-01-23 00:00:00
openSUSE: Security Advisory for unzip (openSUSE-SU-2018:3043-1)
2018-10-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2978-1)
2021-04-19 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in unzip affect IBM Flex System Manager (FSM)
2018-06-18 01:42:30
suse
suse
Security update for unzip (moderate)
2018-10-05 21:18:21
Security update for unzip (moderate)
2018-07-07 03:08:17
cbl_mariner
cbl_mariner
CVE-2015-7697 affecting package unzip 6.0-19
2020-09-09 06:09:13
CVE-2015-7697 affecting package unzip 6.0-20
2022-04-09 06:51:51
CVE-2018-1000035 affecting package unzip 6.0-19
2020-10-08 18:09:51
cve
cve
CVE-2015-7697
2015-11-06 18:59:00
CVE-2018-1000035
2018-02-09 23:29:00
CVE-2016-9844
2017-01-18 17:59:00
debiancve
debiancve
CVE-2015-7697
2015-11-06 18:59:00
CVE-2016-9844
2017-01-18 17:59:00
CVE-2018-1000035
2018-02-09 23:29:00
osv
osv
unzip vulnerabilities
2020-12-16 17:27:07
CVE-2016-9844
2017-01-18 17:59:01
unzip - security update
2020-01-28 00:00:00
ubuntu
ubuntu
unzip vulnerabilities
2020-12-16 00:00:00
unzip vulnerabilities
2015-10-29 00:00:00
unzip regression
2015-11-09 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: unzip-6.0-31.fc24
2016-12-16 22:24:27
[SECURITY] Fedora 25 Update: unzip-6.0-31.fc25
2016-12-16 21:08:20
[SECURITY] Fedora 27 Update: unzip-6.0-37.fc27
2018-03-06 17:36:06
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0052
2018-06-01 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0144
2018-06-01 00:00:00
Important Photon OS Security Update - PHSA-2018-0052
2018-06-01 00:00:00
cloudfoundry
cloudfoundry
USN-4672-1: unzip vulnerabilities | Cloud Foundry
2021-02-10 00:00:00
USN-2788-1 and USN-2788-2 unzip vulnerability | Cloud Foundry
2015-11-24 00:00:00
checkpoint_advisories
checkpoint_advisories
InfoZip UnZip Buffer Overflow (CVE-2018-1000035)
2022-09-18 00:00:00
prion
prion
Heap overflow
2018-02-09 23:29:00
Design/Logic Flaw
2015-11-06 18:59:00
Buffer overflow
2017-01-18 17:59:00
ubuntucve
ubuntucve
CVE-2015-7697
2015-10-12 00:00:00
CVE-2018-1000035
2018-02-09 00:00:00
CVE-2016-9844
2017-01-18 00:00:00
alpinelinux
alpinelinux
CVE-2015-7697
2015-11-06 18:59:00
CVE-2016-9844
2017-01-18 17:59:00
CVE-2018-1000035
2018-02-09 23:29:00
veracode
veracode
Buffer Overflow
2020-12-06 04:21:28
Denial Of Service(DoS)
2020-12-17 06:43:42
debian
debian
[SECURITY] [DLA 2082-1] unzip security update
2020-01-28 21:18:22
[SECURITY] [DLA 330-1] unzip security update
2015-10-22 09:43:10
[SECURITY] [DSA 3386-1] unzip security update
2015-10-31 14:36:35
redhatcve
redhatcve
CVE-2018-1000035
2018-02-08 09:19:14
CVE-2016-9844
2016-12-06 09:47:30
slackware
slackware
[slackware-security] infozip
2019-03-01 20:58:06
securityvulns
securityvulns
unzip security vulneravilities
2015-11-01 00:00:00
[USN-2788-1] unzip vulnerabilities
2015-11-01 00:00:00
freebsd
freebsd
unzip -- multiple vulnerabilities
2015-09-26 00:00:00
gentoo
gentoo
UnZip: User-assisted execution of arbitrary code
2020-03-26 00:00:00
archlinux
archlinux
unzip: multiple issues
2015-11-03 00:00:00
mageia
mageia
Updated unzip package fixes security vulnerabilities
2017-01-13 13:32:16
Updated unzip packages fix security vulnerabilities
2018-10-30 21:01:43
packetstorm
packetstorm
InfoZip UnZip 6.00 / 6.1c22 Buffer Overflow
2018-02-07 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

92.3%

JSON
Related for ALAS2-2021-1604
nessus39rosalinux1openvas27ibm1suse2cbl_mariner9cve3debiancve3osv7ubuntu3fedora3photon10cloudfoundry2checkpoint_advisories1prion3ubuntucve3alpinelinux3veracode2debian5redhatcve2slackware1securityvulns2freebsd1gentoo1archlinux1mageia2packetstorm1