Skip to content

GitLab

Closed
Created by Emily@emily🤖

system/unzip: multiple vulnerabilities
Bugzilla ID 123
Alias(es) CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2014-9636, CVE-2014-9913, CVE-2015-7696, CVE-2015-7697, CVE-2016-9844, CVE-2018-18384, CVE-2019-13232
Reporter Max Rees (sroracle)
Assignee Max Rees (sroracle)
Reported 2019-07-29 04:10:28 -0500
Modified 2020-06-12 19:30:04 -0500
Status RESOLVED FIXED
Version 1.0-BETA3
Hardware Adélie Linux / All
Importance --- / normal

Description

CVE-2014-9636: https://nvd.nist.gov/vuln/detail/CVE-2014-9636

unzip 6.0 allows remote attackers to cause a denial of service
(out-of-bounds read or write and crash) via an extra field with an
uncompressed size smaller than the compressed field size in a zip
archive that advertises STORED method compression.

CVE-2014-9913: https://nvd.nist.gov/vuln/detail/CVE-2014-9913

Buffer overflow in the list_files function in list.c in Info-Zip UnZip
6.0 allows remote attackers to cause a denial of service (crash) via
vectors related to the compression method.

CVE-2015-7696: https://nvd.nist.gov/vuln/detail/CVE-2015-7696

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of
service (heap-based buffer over-read and application crash) or
possibly execute arbitrary code via a crafted password-protected ZIP
archive, possibly related to an Extra-Field size value.

CVE-2015-7697: https://nvd.nist.gov/vuln/detail/CVE-2015-7697

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of
service (infinite loop) via empty bzip2 data in a ZIP archive.

CVE-2016-9844: https://nvd.nist.gov/vuln/detail/CVE-2016-9844

Buffer overflow in the zi_short function in zipinfo.c in Info-Zip
UnZip 6.0 allows remote attackers to cause a denial of service (crash)
via a large compression method value in the central directory file
header.

CVE-2018-18384: https://nvd.nist.gov/vuln/detail/CVE-2018-18384

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive
has a crafted relationship between the compressed-size value and the
uncompressed-size value, because a buffer size is 10 and is supposed
to be 12.

CVE-2019-13232: https://nvd.nist.gov/vuln/detail/CVE-2019-13232

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP
container, leading to denial of service (resource consumption), aka a
"better zip bomb" issue.