Skip to main content

Unzip

13 CVEs product

Monthly

CVE-2019-13232 LOW Monitor

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Unzip Debian Linux
NVD GitHub
CVSS 3.1
3.3
EPSS
0.5%
CVE-2018-18384 MEDIUM POC PATCH This Month

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Unzip
NVD
CVSS 3.0
5.5
EPSS
2.6%
CVE-2018-1000035 HIGH This Week

A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Unzip
NVD
CVSS 3.0
7.8
EPSS
30.5%
CVE-2018-1000034 CRITICAL Act Now

An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Unzip
NVD
CVSS 3.0
9.1
EPSS
1.4%
CVE-2018-1000033 CRITICAL Act Now

An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Unzip
NVD
CVSS 3.0
9.1
EPSS
1.8%
CVE-2018-1000032 HIGH This Week

A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Unzip
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-1000031 HIGH This Week

A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Unzip
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2016-9844 MEDIUM This Month

Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Unzip
NVD VulDB
CVSS 3.0
4.0
EPSS
9.8%
CVE-2014-9913 MEDIUM This Month

Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Unzip
NVD VulDB
CVSS 3.0
4.0
EPSS
4.1%
CVE-2015-7697 MEDIUM This Month

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 29.5% and no vendor patch available.

Denial Of Service Ubuntu Linux Debian Linux Unzip
NVD
CVSS 2.0
4.3
EPSS
29.5%
CVE-2015-7696 MEDIUM This Month

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 31.3% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Ubuntu Linux Debian Linux +1
NVD
CVSS 2.0
6.8
EPSS
31.3%
CVE-2015-1315 HIGH PATCH Act Now

Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.1%.

RCE Buffer Overflow Ubuntu Linux Unzip
NVD
CVSS 2.0
7.5
EPSS
12.1%
CVE-2014-9636 MEDIUM PATCH This Month

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 58.4%.

Denial Of Service Buffer Overflow Unzip Ubuntu Linux Debian Linux +1
NVD
CVSS 2.0
5.0
EPSS
58.4%
EPSS 0% CVSS 3.3
LOW Monitor

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Unzip Debian Linux
NVD GitHub
EPSS 3% CVSS 5.5
MEDIUM POC PATCH This Month

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Unzip
NVD
EPSS 30% CVSS 7.8
HIGH This Week

A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +1
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +2
NVD
EPSS 10% CVSS 4.0
MEDIUM This Month

Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Unzip
NVD VulDB
EPSS 4% CVSS 4.0
MEDIUM This Month

Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Unzip
NVD VulDB
EPSS 29% CVSS 4.3
MEDIUM This Month

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 29.5% and no vendor patch available.

Denial Of Service Ubuntu Linux Debian Linux +1
NVD
EPSS 31% CVSS 6.8
MEDIUM This Month

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 31.3% and no vendor patch available.

Denial Of Service RCE Buffer Overflow +3
NVD
EPSS 12% CVSS 7.5
HIGH PATCH Act Now

Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.1%.

RCE Buffer Overflow Ubuntu Linux +1
NVD
EPSS 58% CVSS 5.0
MEDIUM PATCH This Month

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 58.4%.

Denial Of Service Buffer Overflow Unzip +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy