rpm package
suse/unzip&distro=SUSE Linux Enterprise Server 12 SP5
pkg:rpm/suse/unzip&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-0529 | — | < 6.00-33.16.1 | 6.00-33.16.1 | Feb 9, 2022 | A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | ||
| CVE-2022-0530 | — | < 6.00-33.16.1 | 6.00-33.16.1 | Feb 9, 2022 | A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | ||
| CVE-2018-18384 | — | < 6.00-33.13.3 | 6.00-33.13.3 | Oct 16, 2018 | Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12. |
- CVE-2022-0529Feb 9, 2022affected < 6.00-33.16.1fixed 6.00-33.16.1
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
- CVE-2022-0530Feb 9, 2022affected < 6.00-33.16.1fixed 6.00-33.16.1
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
- CVE-2018-18384Oct 16, 2018affected < 6.00-33.13.3fixed 6.00-33.13.3
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.