Cpe Name:
cpe:2.3:a:info-zip:unzip:*:*:*:*:*:*:*:*
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2008-0888 |
119 |
|
DoS Exec Code Overflow |
2008-03-17 |
2018-10-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data. |
|
2 |
CVE-2005-0602 |
|
|
+Priv |
2005-05-02 |
2016-10-18 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. |
|
3 |
CVE-2001-1269 |
|
|
|
2001-07-12 |
2010-05-25 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character. |
|
4 |
CVE-2001-1268 |
|
|
Dir. Trav. |
2001-07-12 |
2010-05-25 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. |
Total number of vulnerabilities :
4
Page :
1
(This Page)
