Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-202003-58
HistoryMar 26, 2020 - 12:00 a.m.

UnZip: User-assisted execution of arbitrary code

2020-03-2600:00:00
Gentoo Foundation
security.gentoo.org
35

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

84.9%

JSON

Background

Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP compressed files.

Description

Multiple vulnerabilities have been discovered in UnZip. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted ZIP archive using UnZip, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All UnZip users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-arch/unzip-6.0_p25"
OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-arch/unzip< 6.0_p25UNKNOWN

Related

nessus 47
openvas 20
prion 2
veracode 2
debiancve 2
redhat 5
photon 12
osv 5
ubuntu 1
checkpoint_advisories 1
cbl_mariner 6
cloudfoundry 1
oraclelinux 2
ubuntucve 2
cve 2
mageia 2
centos 1
fedora 1
debian 3
alpinelinux 2
redhatcve 2
f5 1
ibm 4
almalinux 1
amazon 2
suse 2
rosalinux 1
packetstorm 1
slackware 1
nessus
nessus
EulerOS 2.0 SP5 : unzip (EulerOS-SA-2019-1880)
2019-09-16 00:00:00
EulerOS Virtualization for ARM 64 3.0.2.0 : unzip (EulerOS-SA-2019-1949)
2019-09-17 00:00:00
GLSA-202003-58 : UnZip: User-assisted execution of arbitrary code
2020-03-27 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2019-1949)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2020-1462)
2020-04-16 00:00:00
Ubuntu: Security Advisory (USN-4672-1)
2020-12-17 00:00:00
prion
prion
Design/Logic Flaw
2019-07-04 13:15:00
Heap overflow
2018-02-09 23:29:00
veracode
veracode
Denial Of Service (DoS)
2020-04-01 00:38:39
Denial Of Service(DoS)
2020-12-17 06:43:42
debiancve
debiancve
CVE-2019-13232
2019-07-04 13:15:00
CVE-2018-1000035
2018-02-09 23:29:00
redhat
redhat
(RHSA-2020:1787) Low: unzip security update
2020-04-28 09:16:24
(RHSA-2020:1181) Low: unzip security update
2020-03-31 09:29:08
(RHSA-2020:2486) Low: unzip security update
2020-06-10 15:00:54
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0052
2018-06-01 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0144
2018-06-01 00:00:00
Important Photon OS Security Update - PHSA-2018-0052
2018-06-01 00:00:00
osv
osv
unzip vulnerabilities
2020-12-16 17:27:07
unzip - security update
2020-01-28 00:00:00
unzip - security update
2019-07-07 00:00:00
ubuntu
ubuntu
unzip vulnerabilities
2020-12-16 00:00:00
checkpoint_advisories
checkpoint_advisories
InfoZip UnZip Buffer Overflow (CVE-2018-1000035)
2022-09-18 00:00:00
cbl_mariner
cbl_mariner
CVE-2018-1000035 affecting package unzip 6.0-19
2020-10-08 18:09:51
CVE-2018-1000035 affecting package unzip 6.0-20
2022-04-09 06:51:51
CVE-2018-1000035 affecting package unzip 6.0-20
2024-03-19 17:21:46
cloudfoundry
cloudfoundry
USN-4672-1: unzip vulnerabilities | Cloud Foundry
2021-02-10 00:00:00
oraclelinux
oraclelinux
unzip security update
2020-05-05 00:00:00
unzip security update
2020-04-06 00:00:00
ubuntucve
ubuntucve
CVE-2019-13232
2019-07-04 00:00:00
CVE-2018-1000035
2018-02-09 00:00:00
cve
cve
CVE-2019-13232
2019-07-04 13:15:00
CVE-2018-1000035
2018-02-09 23:29:00
mageia
mageia
Updated unzip package fixes a security vulnerability
2021-01-17 19:07:01
Updated unzip packages fix security vulnerabilities
2018-10-30 21:01:43
centos
centos
unzip security update
2020-04-08 20:06:45
fedora
fedora
[SECURITY] Fedora 27 Update: unzip-6.0-37.fc27
2018-03-06 17:36:06
debian
debian
[SECURITY] [DLA 2082-1] unzip security update
2020-01-28 21:18:22
[SECURITY] [DLA 1846-1] unzip security update
2019-07-07 20:09:22
[SECURITY] [DLA 1846-2] unzip regression update
2019-07-28 22:40:22
alpinelinux
alpinelinux
CVE-2018-1000035
2018-02-09 23:29:00
CVE-2019-13232
2019-07-04 13:15:00
redhatcve
redhatcve
CVE-2018-1000035
2018-02-08 09:19:14
CVE-2019-13232
2019-07-08 06:51:23
f5
f5
K80311892 : InfoZIP vulnerability CVE-2019-13232
2019-10-17 00:00:00
ibm
ibm
Security Bulletin: IBM DataPower Gateway may allow a potential DoS when importing malicious ZIP files (CVE-2019-13232)
2021-06-08 22:33:53
Security Bulletin: Unzip as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2019-13232)
2020-10-13 16:56:16
Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2019-13232)
2020-07-23 21:36:06
almalinux
almalinux
Low: unzip security update
2020-04-28 09:16:24
amazon
amazon
Low: unzip
2020-10-22 18:43:00
Important: unzip
2021-02-17 18:14:00
suse
suse
Security update for unzip (moderate)
2018-07-07 03:08:17
Security update for unzip (moderate)
2018-10-05 21:18:21
rosalinux
rosalinux
Advisory ROSA-SA-2021-1991
2021-07-02 18:18:35
packetstorm
packetstorm
InfoZip UnZip 6.00 / 6.1c22 Buffer Overflow
2018-02-07 00:00:00
slackware
slackware
[slackware-security] infozip
2019-03-01 20:58:06

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

84.9%

JSON
Related for GLSA-202003-58
nessus47openvas20prion2veracode2debiancve2redhat5photon12osv5ubuntu1checkpoint_advisories1cbl_mariner6cloudfoundry1oraclelinux2ubuntucve2cve2mageia2centos1fedora1debian3alpinelinux2redhatcve2f51ibm4almalinux1amazon2suse2rosalinux1packetstorm1slackware1