Note:
This project will be discontinued after December 13, 2021. [more]
2015-11-06
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.
| Products | Ubuntu_linux, Debian_linux, Unzip |
| Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
| First patch | - None (likely due to unavailable code) |
| Links |
• http://www.openwall.com/lists/oss-security/2015/09/21/6
• http://www.openwall.com/lists/oss-security/2015/10/11/5 • http://www.ubuntu.com/usn/USN-2788-1 • http://www.openwall.com/lists/oss-security/2015/09/07/4 • http://www.openwall.com/lists/oss-security/2015/09/15/6 |