Skip to main content

Unzip CVE-2014-9636

MEDIUM
Buffer Overflow (CWE-119)
2015-02-06 cve@mitre.org
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Feb 06, 2015 - 15:59 cve.org
MEDIUM 5.0

DescriptionCVE.org

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

AnalysisAI

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 58.4%.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. Affected products include: Unzip Project Unzip, Canonical Ubuntu Linux, Debian Debian Linux, Fedoraproject Fedora.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

More in Unzip

View all
CVE-2015-7696 MEDIUM
6.8 Nov 06

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application cra

CVE-2015-7697 MEDIUM
4.3 Nov 06

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP ar

CVE-2015-1315 HIGH
7.5 Feb 23

Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to exec

CVE-2018-18384 MEDIUM POC
5.5 Oct 16

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed

CVE-2018-1000034 CRITICAL
9.1 Feb 09

An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service an

CVE-2018-1000033 CRITICAL
9.1 Feb 09

An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service an

CVE-2018-1000035 HIGH
7.8 Feb 09

A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives t

CVE-2018-1000032 HIGH
7.8 Feb 09

A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of ser

CVE-2018-1000031 HIGH
7.8 Feb 09

A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of ser

CVE-2016-9844 MEDIUM
4.0 Jan 18

Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of

CVE-2014-9913 MEDIUM
4.0 Jan 18

Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of

CVE-2019-13232 LOW
3.3 Jul 04

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource co

Share

CVE-2014-9636 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy