CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.067 Low
Percentile: 92.8%

Tavis Ormandy discovered that unzip, when processing specially crafted
ZIP archives, could pass invalid pointers to the C library’s free
routine, potentially leading to arbitrary code execution
(CVE-2008-0888).

For the old stable distribution (sarge), this problem has been fixed
in version 5.52-1sarge5.

For the stable distribution (etch), this problem has been fixed in
version 5.52-9etch1.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your unzip package.