5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.259 Low
EPSS
Percentile
96.2%
A buffer overflow (out-of-bounds read or write) in test_compr_eb() in
extract.c was found in the way unzip handled an extra field with an
uncompressed size smaller than the compressed field size in a zip
archive that advertises STORED method compression. A specially crafted
Zip archive could cause unzip to crash or, possibly, execute arbitrary code.