Veracode Vulnerability DatabaseVERACODE:31025Denial Of Service (DoS)
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
Info-ZIP is vulnerable to Denial Of Service (DoS). It is possible due to a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
| CPE | Name | Operator | Version |
|---|---|---|---|
| unzip:edge | eq | 6.0-r8 | |
| unzip:edge | eq | 6.0-r7 | |
| unzip:edge | eq | 6.0-r5 | |
| unzip:edge | eq | 6.0-r6 | |
| unzip:edge | eq | 6.0-r4 | |
| unzip:3.12 | eq | 6.0-r8 | |
| unzip:3.12 | eq | 6.0-r7 | |
| unzip:3.14 | eq | 6.0-r8 | |
| unzip:3.13 | eq | 6.0-r8 | |
| unzip:3.11 | eq | 6.0-r6 |
References
lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html
access.redhat.com/errata/RHSA-2019:2159
bugzilla.suse.com/show_bug.cgi?id=1110194
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.11/main.yaml
secdb.alpinelinux.org/v3.12/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
sourceforge.net/p/infozip/bugs/53/
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P