VYPR

rpm package

suse/unzip&distro=SUSE Linux Enterprise Module for Basesystem 15

pkg:rpm/suse/unzip&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015

Vulnerabilities (3)

  • CVE-2018-18384, Oct 16, 2018
    affected < 6.00-4.8.13, fixed 6.00-4.8.13

    Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.

  • CVE-2018-1000035, High, Feb 9, 2018
    affected < 6.00-4.3.1, fixed 6.00-4.3.1

    A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.

  • CVE-2014-9636, Feb 6, 2015
    affected < 6.00-4.3.1, fixed 6.00-4.3.1

    unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.