Advisory ROSA-SA-2026-3309

CVE-ID: CVE-2014-9636 BDU-ID: None CVE-Crit: MEDIAN CVE-DESC.: The vulnerability in unzip 6.0 allows a remote attacker to cause a service failure reading or writing beyond the buffer and crashing the process through a specially created ZIP archive with an incorrect Extra-field size. CVE-STATUS: T...

MGASA-2026-0158 Updated perl-IO-Compress package fixes security vulnerabilities

The updated package fixes security vulnerabilities: IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. CVE-2025-15649 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in...

CVE-2026-48959

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

CVE-2026-48959

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

CVE-2026-48959

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

CVE-2025-15649

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

IO::Uncompress::Unzip 安全漏洞

IO::Uncompress::Unzip is a decompression library developed by PMQS’s individual developers. Versions of IO::Uncompress::Unzip prior to version 2.220 contained security vulnerabilities. These vulnerabilities stemmed from the byte-reading loop in fastForward, which caused the CPU to be exhausted. I...

CVE-2026-44257

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

Astra Linux - уязвимость в unzip

A flaw was discovered in Unzip. The vulnerability occurs during the conversion of a wide string to a local string, resulting in an out-of-bound write operation on the heap. This flaw allows an attacker to submit a specially crafted zip file, causing a crash or code execution...

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules.

Summary IBM App Connect Enterprise runtime, IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise Discovery Connectors are vulnerable to multiple vulnerabilities due to multiple node modules. Vulnerability Details CVEID:CVE-2026-33036 DESCRIPTION:...

CVE-2026-40180

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

CVE-2026-40180

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

CVE-2026-40180

CVE-2026-40180 affects Quarkus OpenAPI Generator’s ApicurioCodegenWrapper unzip() path: entries are extracted without validating that the resolved path stays inside the output directory, constructing destination as new File(toOutputDir, entry.getName()). This can allow path traversal (e.g., ../.....

CVE-2026-40180

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

CVE-2026-40180 Zip Slip Path Traversal in quarkus-openapi-generator ApicurioCodegenWrapper class

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

quarkus-openapi-generator extension has Zip Slip Path Traversal in ApicurioCodegenWrapper class

Summary A path traversal vulnerability was discovered in the quarkus-openapi-generator extension Details The unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output directory. At line 101, the destination is...

PT-2026-30839

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data can be controlled by...

CVE-2024-36057

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data can be controlled by...

CVE-2024-36057

CVE-2024-36057 affects Koha Library prior to 23.05.10. The vulnerability stems from insufficient sanitization of user-controlled filenames before unzipping, allowing command injection via the shell in the unzip invocation within upload-cover-image.pl (example: the code executes qx/unzip $filename...