rpm package
suse/unzip&distro=SUSE Linux Enterprise Module for Basesystem 15
pkg:rpm/suse/unzip&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-18384 | — | | | < 6.00-4.8.13 | 6.00-4.8.13 | Oct 16, 2018 | Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12. |
| CVE-2018-1000035 | High | 7.8 | | < 6.00-4.3.1 | 6.00-4.3.1 | Feb 9, 2018 | A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. |
| CVE-2014-9636 | — | | | < 6.00-4.3.1 | 6.00-4.3.1 | Feb 6, 2015 | unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. |