A flaw was found in Unzip. The vulnerability occurs during the conversion
of a wide string to a local string and leads to a heap out-of-bounds
write. This flaw allows an attacker to supply a specially crafted zip file,
leading to a crash or code execution.

Author | Note |
---|---|
mdeslaur | main Red Hat bug is private; Debian has released updates for this CVE |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | unzip | < 6.0-21ubuntu1.2 | UNKNOWN |
ubuntu | 20.04 | noarch | unzip | < 6.0-25ubuntu1.1 | UNKNOWN |
ubuntu | 22.04 | noarch | unzip | < 6.0-26ubuntu3.1 | UNKNOWN |
ubuntu | 14.04 | noarch | unzip | < 6.0-9ubuntu1.6+esm1 (available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 16.04 | noarch | unzip | < 6.0-20ubuntu1.1+esm1 (available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |