Lucene search

Gentoo FoundationGLSA-200804-06

HistoryApr 06, 2008 - 12:00 a.m.

UnZip: User-assisted execution of arbitrary code

2008-04-0600:00:00

Gentoo Foundation

security.gentoo.org

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.072 Low

EPSS

Percentile

94.0%

JSON

Background

Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP compressed files.

Description

Tavis Ormandy of the Google Security Team discovered that the NEEDBITS macro in the inflate_dynamic() function in the file inflate.c can be invoked using invalid buffers, which can lead to a double free.

Impact

Remote attackers could entice a user or automated system to open a specially crafted ZIP file that might lead to the execution of arbitrary code or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All UnZip users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=app-arch/unzip-5.52-r2"

OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-arch/unzip< 5.52-r2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	app-arch/unzip	< 5.52-r2	UNKNOWN

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.072 Low

EPSS

Percentile

94.0%

JSON

Related for GLSA-200804-06