CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.1%
A HexView security advisory reports:
When zip performs recursive folder compression, it does
not check for the length of resulting path. If the path is
too long, a buffer overflow occurs leading to stack
corruption and segmentation fault. It is possible to
exploit this vulnerability by embedding a shellcode in
directory or file name. While the issue is not of primary
concern for regular users, it can be critical for
environments where zip archives are re-compressed
automatically using Info-Zip application.