Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Unzip ProjectUnzip*

9 matches found

CVE
CVEadded 2022/02/09 11:15 p.m.336 views

CVE-2022-0530

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

5.5CVSS5.3AI score0.00123EPSS
CVE
CVEadded 2022/02/09 11:15 p.m.334 views

CVE-2022-0529

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

5.5CVSS5.3AI score0.00236EPSS
CVE
CVEadded 2022/08/24 4:15 p.m.293 views

CVE-2021-4217

A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

3.3CVSS3.9AI score0.00138EPSS
CVE
CVEadded 2020/01/31 11:15 p.m.288 views

CVE-2014-8141

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

7.8CVSS8.2AI score0.09912EPSS
CVE
CVEadded 2020/01/31 10:15 p.m.277 views

CVE-2014-8139

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

7.8CVSS8.3AI score0.09912EPSS
CVE
CVEadded 2020/01/31 10:15 p.m.276 views

CVE-2014-8140

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

7.8CVSS8.2AI score0.09912EPSS
CVE
CVEadded 2018/02/09 11:29 p.m.224 views

CVE-2018-1000035

A heap-based buffer overflow exists in Info-Zip UnZip version

7.8CVSS5.9AI score0.459EPSS
CVE
CVEadded 2022/12/27 10:15 p.m.146 views

CVE-2020-36561

Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

9.1CVSS9.2AI score0.00125EPSS
CVE
CVEadded 2008/03/17 9:44 p.m.80 views

CVE-2008-0888

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

9.3CVSS9.6AI score0.04114EPSS