Lucene search
K

258 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.1 views

SUSE CVE-2018-1000034

An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory...

9.1CVSS6.8AI score0.01445EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.3 views

SUSE CVE-2018-1000033

An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory...

9.1CVSS6.8AI score0.01766EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:10 a.m.3 views

SUSE CVE-2019-13232

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service resource consumption, aka a "better zip bomb" issue...

4CVSS7.4AI score0.00495EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 7:48 p.m.36 views

Security Bulletin: Vulnerabilities in unzip affect IBM Security Network Intrusion Prevention System (CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, and CVE-2014-9636 )

Summary The unzip utility is used to list, test, or extract files from a zip archive. Security vulnerabilities have been discovered in unzip used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVE ID: CVE-2014-8139 DESCRIPTION: Info-ZIP UnZip is vulnerable to a...

7.8CVSS8.8AI score0.11562EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/02/13 12:0 a.m.36 views

unzip buffer overflow vulnerability (CNVD-2022-11523)

Info-ZIP UnZip is a Unix-based tool for decompressing ".zip" file formats developed by Greg Roelofs. unzip is vulnerable to a buffer overflow vulnerability that results from the conversion of utf-8 strings to native strings resulting in a segmentation error. An attacker could exploit this...

5.5CVSS5.3AI score0.02108EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/02/09 12:0 a.m.3 views

Info-ZIP UnZip 安全漏洞

Info-ZIP UnZip is a Unix-based tool for decompressing ".zip" file formats developed by Greg Roelofs. unzip is vulnerable to a buffer overflow vulnerability that results from the conversion of utf-8 strings to native strings resulting in a segmentation error. An attacker could exploit this...

5.5CVSS6.3AI score0.02108EPSS
Exploits1References22
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/26 6:3 p.m.30 views

Security Bulletin: An Info-ZIP Unzip vulnerability has been identified in IBM Tivoli Application Dependency Discovery Manager(TADDM).

Summary This security bulletin addresses the vulnerability in Info-ZIP's Unzip used by IBM Tivoli Application Dependency Discovery ManagerTADDM. Vulnerability Details CVEID: CVE-2018-18384 DESCRIPTION: Info-ZIP UnZip is vulnerable to a buffer overflow, caused by improper bounds checking by the...

5.5CVSS2.2AI score0.02586EPSS
Exploits1Affected Software1
Amazon
Amazon
added 2021/02/20 12:0 a.m.42 views

Important: unzip

Issue Overview: Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service infinite loop via empty bzip2 data in a ZIP archive. CVE-2015-7697 Buffer overflow in the zishort function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service crash via a...

7.8CVSS7.5AI score0.30469EPSS
Exploits2
Veracode
Veracode
added 2020/12/17 6:43 a.m.27 views

Denial Of Service(DoS)

Info-Zip UnZip is vulnerable to denial of service DoS. A heap-based buffer overflow exists in Info-Zip UnZip version = 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution...

7.8CVSS6.2AI score0.30469EPSS
Exploits2References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.28 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : unzip Vulnerability (NS-SA-2020-0098)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has unzip packages installed that are affected by a vulnerability: - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service resource consumption, aka a better zip bomb issue...

3.3CVSS6.3AI score0.00495EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.24 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : unzip Vulnerability (NS-SA-2020-0065)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has unzip packages installed that are affected by a vulnerability: - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service resource consumption, aka a better zip bomb issue...

3.3CVSS6.3AI score0.00495EPSS
Exploits0References2
Veracode
Veracode
added 2020/12/06 4:24 a.m.38 views

Buffer Overflow

Buffer overflow in the listfiles function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service crash via vectors related to the compression method...

4CVSS5.5AI score0.01453EPSS
Exploits0References7Affected Software1
Amazon
Amazon
added 2020/10/27 12:0 a.m.40 views

Low: unzip

Issue Overview: Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service resource consumption, aka a "better zip bomb" issue. CVE-2019-13232 Affected Packages: unzip Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...

3.3CVSS6.6AI score0.00495EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/13 4:56 p.m.35 views

Security Bulletin: Unzip as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2019-13232)

Summary Info-ZIP UnZip is vulnerable to a denial of service, caused by mishandling the overlapping of files inside a ZIP container. Vulnerability Details CVEID: CVE-2019-13232 DESCRIPTION: Info-ZIP UnZip is vulnerable to a denial of service, caused by mishandling the overlapping of files inside a...

3.3CVSS1.2AI score0.00495EPSS
Exploits0Affected Software1
Microsoft CVE
Microsoft CVE
added 2020/08/18 7:0 a.m.1 views

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

...

7.8CVSS7.2AI score0.07448EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/08/18 7:0 a.m.3 views

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

...

7.8CVSS7.1AI score0.07448EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/08/18 7:0 a.m.6 views

Info-ZIP UnZip 6.0 has a buffer overflow in list.c when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value because a buffer size is 10 and is supposed to be 12.

...

5.5CVSS5.7AI score0.02586EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2020/08/18 7:0 a.m.4 views

Info-ZIP Zip 3.0 when the -T and -TT command-line options are used allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value given that the entire purpose of -TT is execution of arbitrary commands

...

9.8CVSS9.4AI score0.03977EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/08/18 7:0 a.m.3 views

A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.

...

7.8CVSS7.9AI score0.30469EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2020/08/18 7:0 a.m.3 views

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.

...

4.3CVSS6.2AI score0.06073EPSS
Exploits0
Rows per page
Query Builder