7.5 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.072 Low
EPSS
Percentile
94.0%
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
CPE | Name | Operator | Version |
---|---|---|---|
info-zip:unzip | info-zip unzip | eq | * |
lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
secunia.com/advisories/29392
secunia.com/advisories/29406
secunia.com/advisories/29415
secunia.com/advisories/29427
secunia.com/advisories/29432
secunia.com/advisories/29440
secunia.com/advisories/29495
secunia.com/advisories/29681
secunia.com/advisories/30535
secunia.com/advisories/31204
security.gentoo.org/glsa/glsa-200804-06.xml
support.apple.com/kb/HT4077
wiki.rpath.com/Advisories:rPSA-2008-0116
wiki.rpath.com/wiki/Advisories:rPSA-2008-0116
www.debian.org/security/2008/dsa-1522
www.ipcop.org/index.php?name=News&file=article&sid=40
www.mandriva.com/en/security/advisories?name=MDVSA-2008:068
www.redhat.com/support/errata/RHSA-2008-0196.html
www.securityfocus.com/archive/1/489967/100/0/threaded
www.securityfocus.com/archive/1/493080/100/0/threaded
www.securityfocus.com/bid/28288
www.securitytracker.com/id?1019634
www.ubuntu.com/usn/usn-589-1
www.vmware.com/security/advisories/VMSA-2008-0009.html
www.vupen.com/english/advisories/2008/0913/references
www.vupen.com/english/advisories/2008/1744
exchange.xforce.ibmcloud.com/vulnerabilities/41246
issues.rpath.com/browse/RPL-2317
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9733