Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0282 — Path Traversal in Unzip

8 documents8 sources

Severity

2.6LOWNVD

EPSS

21.1%

top 4.33%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Unzip Project Unzip Info-zip Unzip SCO Openlinux Server +1 more

Timeline

PublishedJun 16

Latest updateMay 3

Description

Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages4 packages

▶Debianunzip_project/unzip< 5.50-3+3

▶NVDinfo-zip/unzip5.50

▶NVDsco/openlinux_server3.1.1

▶NVDsco/openlinux_workstation3.1.1

Patches

Patch: www.redhat.com ↗Patch: www.securityfocus.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-8g9q-xjgw-r992: Directory traversal vulnerability in UnZip 5↗2022-05-03

▶

OSV

CVE-2003-0282: Directory traversal vulnerability in UnZip 5↗2003-06-16

▶

CVEList

CVE-2003-0282: Directory traversal vulnerability in UnZip 5↗2003-05-14

▶

💥Exploits & PoCs

Exploit-DB

Info-ZIP UnZip 5.50 - Encoded Character Hostile Destination Path↗2003-05-10

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-05-09

▶

Debian

CVE-2003-0282: unzip - Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite ar...↗2003

▶

💬Community

Bugzilla

CVE-2003-0282 security flaw↗2018-08-16

▶