Unzip 安全漏洞

Unzip is a Golang.zip decompression tool developed by Yige’s developers. Versions of Unzip prior to 2.215 contained security vulnerabilities. These vulnerabilities stemmed from failing to catch exceptions when parsing zip headers with incorrect DOS date formats. As a result, an exception was thro...

CLSA-2026-1778131952 unzip: Fix of 3 CVEs

CVE-2021-4217: fix null pointer dereference in EFUNIPATH extra field handling - CVE-2022-0529: fix heap-based buffer overflow in widetolocalstring - CVE-2022-0530: fix null pointer dereference on invalid UTF-8 input...

ALPINE-CVE-2014-8141

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command...

DEBIAN-CVE-2018-1000035

A heap-based buffer overflow exists in Info-Zip UnZip version = 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution...

unzip: getZip64Data() out-of-bounds read issues (oCERT-2014-011)

A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed...