258 matches found
SUSE CVE-2018-1000034
An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory...
SUSE CVE-2018-1000033
An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory...
SUSE CVE-2019-13232
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service resource consumption, aka a "better zip bomb" issue...
Security Bulletin: Vulnerabilities in unzip affect IBM Security Network Intrusion Prevention System (CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, and CVE-2014-9636 )
Summary The unzip utility is used to list, test, or extract files from a zip archive. Security vulnerabilities have been discovered in unzip used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVE ID: CVE-2014-8139 DESCRIPTION: Info-ZIP UnZip is vulnerable to a...
unzip buffer overflow vulnerability (CNVD-2022-11523)
Info-ZIP UnZip is a Unix-based tool for decompressing ".zip" file formats developed by Greg Roelofs. unzip is vulnerable to a buffer overflow vulnerability that results from the conversion of utf-8 strings to native strings resulting in a segmentation error. An attacker could exploit this...
Info-ZIP UnZip 安全漏洞
Info-ZIP UnZip is a Unix-based tool for decompressing ".zip" file formats developed by Greg Roelofs. unzip is vulnerable to a buffer overflow vulnerability that results from the conversion of utf-8 strings to native strings resulting in a segmentation error. An attacker could exploit this...
Security Bulletin: An Info-ZIP Unzip vulnerability has been identified in IBM Tivoli Application Dependency Discovery Manager(TADDM).
Summary This security bulletin addresses the vulnerability in Info-ZIP's Unzip used by IBM Tivoli Application Dependency Discovery ManagerTADDM. Vulnerability Details CVEID: CVE-2018-18384 DESCRIPTION: Info-ZIP UnZip is vulnerable to a buffer overflow, caused by improper bounds checking by the...
Important: unzip
Issue Overview: Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service infinite loop via empty bzip2 data in a ZIP archive. CVE-2015-7697 Buffer overflow in the zishort function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service crash via a...
Denial Of Service(DoS)
Info-Zip UnZip is vulnerable to denial of service DoS. A heap-based buffer overflow exists in Info-Zip UnZip version = 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution...
NewStart CGSL CORE 5.05 / MAIN 5.05 : unzip Vulnerability (NS-SA-2020-0098)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has unzip packages installed that are affected by a vulnerability: - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service resource consumption, aka a better zip bomb issue...
NewStart CGSL CORE 5.04 / MAIN 5.04 : unzip Vulnerability (NS-SA-2020-0065)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has unzip packages installed that are affected by a vulnerability: - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service resource consumption, aka a better zip bomb issue...
Buffer Overflow
Buffer overflow in the listfiles function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service crash via vectors related to the compression method...
Low: unzip
Issue Overview: Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service resource consumption, aka a "better zip bomb" issue. CVE-2019-13232 Affected Packages: unzip Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...
Security Bulletin: Unzip as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2019-13232)
Summary Info-ZIP UnZip is vulnerable to a denial of service, caused by mishandling the overlapping of files inside a ZIP container. Vulnerability Details CVEID: CVE-2019-13232 DESCRIPTION: Info-ZIP UnZip is vulnerable to a denial of service, caused by mishandling the overlapping of files inside a...
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
...
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
...
Info-ZIP UnZip 6.0 has a buffer overflow in list.c when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value because a buffer size is 10 and is supposed to be 12.
...
Info-ZIP Zip 3.0 when the -T and -TT command-line options are used allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value given that the entire purpose of -TT is execution of arbitrary commands
...
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
...
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.
...