Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2021-1991
HistoryJul 02, 2021 - 6:18 p.m.

Advisory ROSA-SA-2021-1991

2021-07-0218:18:35
ROSA LAB
abf.rosalinux.ru
7

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.046 Low

EPSS

Percentile

92.4%

JSON

Software: unzip 6.0
OS: Cobalt 7.9

CVE-ID: CVE-2014-9913
CVE-Crit: MEDIUM
CVE-DESC: Buffer overflow in list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (failure) using vectors associated with the compression method.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-7696
CVE-Crit: CRITICAL
CVE-DESC: Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code through a password-protected ZIP archive created, possibly associated with Extra- Field Size Value.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-7697
CVE-Crit: CRITICAL
CVE-DESC: Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) by using empty bzip2 data in a ZIP archive.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-9844
CVE-Crit: MEDIUM
CVE-DESC: Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (failure) by using a large compression method value in the central directory file header.
CVE-STATUS: default
CVE-REV: Default

CVE-ID: CVE-2018-1000035
CVE-Crit: HIGH
CVE-DESC: A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 when processing password-protected archives, allowing an attacker to perform a denial of service or possibly achieve code execution.
CVE-STATUS: default
CVE-REV: default

OSVersionArchitecturePackageVersionFilename
Cobaltanynoarchunzip< 6.0UNKNOWN

Related

nessus 39
openvas 27
suse 2
amazon 1
ibm 1
debian 5
cloudfoundry 2
ubuntu 3
securityvulns 2
osv 8
freebsd 1
archlinux 1
mageia 2
photon 10
cbl_mariner 15
debiancve 5
prion 5
alpinelinux 5
ubuntucve 5
cve 5
fedora 3
veracode 3
checkpoint_advisories 1
redhatcve 2
slackware 1
gentoo 1
packetstorm 1
nessus
nessus
EulerOS 2.0 SP2 : unzip (EulerOS-SA-2019-2429)
2019-12-04 00:00:00
SUSE SLES11 Security Update : unzip (SUSE-SU-2017:0639-1)
2017-03-10 00:00:00
openSUSE Security Update : unzip (openSUSE-2018-1124)
2018-10-09 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2019-2429)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:0639-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for unzip (openSUSE-SU-2018:3043-1)
2018-10-06 00:00:00
suse
suse
Security update for unzip (moderate)
2018-10-05 21:18:21
Security update for unzip (moderate)
2018-07-07 03:08:17
amazon
amazon
Important: unzip
2021-02-17 18:14:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in unzip affect IBM Flex System Manager (FSM)
2018-06-18 01:42:30
debian
debian
[SECURITY] [DSA 3386-1] unzip security update
2015-10-31 14:36:35
[SECURITY] [DSA 3386-1] unzip security update
2015-10-31 14:36:35
[SECURITY] [DLA 330-1] unzip security update
2015-10-22 09:43:10
cloudfoundry
cloudfoundry
USN-2788-1 and USN-2788-2 unzip vulnerability | Cloud Foundry
2015-11-24 00:00:00
USN-4672-1: unzip vulnerabilities | Cloud Foundry
2021-02-10 00:00:00
ubuntu
ubuntu
unzip regression
2015-11-09 00:00:00
unzip vulnerabilities
2015-10-29 00:00:00
unzip vulnerabilities
2020-12-16 00:00:00
securityvulns
securityvulns
unzip security vulneravilities
2015-11-01 00:00:00
[USN-2788-1] unzip vulnerabilities
2015-11-01 00:00:00
osv
osv
unzip - regression update
2015-10-31 00:00:00
unzip - security update
2015-10-31 00:00:00
unzip - security update
2016-12-13 00:00:00
freebsd
freebsd
unzip -- multiple vulnerabilities
2015-09-26 00:00:00
archlinux
archlinux
unzip: multiple issues
2015-11-03 00:00:00
mageia
mageia
Updated unzip package fixes security vulnerabilities
2017-01-13 13:32:16
Updated unzip packages fix security vulnerabilities
2018-10-30 21:01:43
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0029
2018-03-23 00:00:00
Moderate Photon OS Security Update - PHSA-2018-0029
2018-03-26 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0052
2018-06-01 00:00:00
cbl_mariner
cbl_mariner
CVE-2015-7696 affecting package unzip 6.0-20
2024-03-19 17:21:46
CVE-2014-9913 affecting package unzip 6.0-20
2022-04-09 06:51:51
CVE-2015-7696 affecting package unzip 6.0-20
2022-04-09 06:51:51
debiancve
debiancve
CVE-2015-7696
2015-11-06 18:59:00
CVE-2015-7697
2015-11-06 18:59:00
CVE-2016-9844
2017-01-18 17:59:00
prion
prion
Heap overflow
2015-11-06 18:59:00
Design/Logic Flaw
2015-11-06 18:59:00
Heap overflow
2018-02-09 23:29:00
alpinelinux
alpinelinux
CVE-2015-7696
2015-11-06 18:59:00
CVE-2015-7697
2015-11-06 18:59:00
CVE-2014-9913
2017-01-18 17:59:00
ubuntucve
ubuntucve
CVE-2015-7696
2015-10-12 00:00:00
CVE-2015-7697
2015-10-12 00:00:00
CVE-2014-9913
2017-01-18 00:00:00
cve
cve
CVE-2015-7696
2015-11-06 18:59:00
CVE-2015-7697
2015-11-06 18:59:00
CVE-2014-9913
2017-01-18 17:59:00
fedora
fedora
[SECURITY] Fedora 24 Update: unzip-6.0-31.fc24
2016-12-16 22:24:27
[SECURITY] Fedora 25 Update: unzip-6.0-31.fc25
2016-12-16 21:08:20
[SECURITY] Fedora 27 Update: unzip-6.0-37.fc27
2018-03-06 17:36:06
veracode
veracode
Buffer Overflow
2020-12-06 04:24:50
Buffer Overflow
2020-12-06 04:21:28
Denial Of Service(DoS)
2020-12-17 06:43:42
checkpoint_advisories
checkpoint_advisories
InfoZip UnZip Buffer Overflow (CVE-2018-1000035)
2022-09-18 00:00:00
redhatcve
redhatcve
CVE-2016-9844
2016-12-06 09:47:30
CVE-2018-1000035
2018-02-08 09:19:14
slackware
slackware
[slackware-security] infozip
2019-03-01 20:58:06
gentoo
gentoo
UnZip: User-assisted execution of arbitrary code
2020-03-26 00:00:00
packetstorm
packetstorm
InfoZip UnZip 6.00 / 6.1c22 Buffer Overflow
2018-02-07 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.046 Low

EPSS

Percentile

92.4%

JSON
Related for ROSA-SA-2021-1991
nessus39openvas27suse2amazon1ibm1debian5cloudfoundry2ubuntu3securityvulns2osv8freebsd1archlinux1mageia2photon10cbl_mariner15debiancve5prion5alpinelinux5ubuntucve5cve5fedora3veracode3checkpoint_advisories1redhatcve2slackware1gentoo1packetstorm1