CVE-2004-1010 — Improper Restriction of Operations within the Bounds of a Memory Buffer in ZIP

7 documents7 sources

Severity

10.0CRITICALNVD

EPSS

6.1%

top 9.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Info-zip ZIP Debian ZIP

Timeline

PublishedMar 1

Latest updateApr 29

Description

Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶Debianinfo-zip/zip< 2.30-8+3

▶NVDinfo-zip/zip2.3

▶debiandebian/zip< zip 2.30-8 (bookworm)

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-5w78-c2f4-q879: Buffer overflow in Info-Zip 2↗2022-04-29

▶

OSV

CVE-2004-1010: Buffer overflow in Info-Zip 2↗2005-03-01

▶

📋Vendor Advisories

Ubuntu

zip vulnerability↗2004-11-06

▶

Red Hat

security flaw↗2004-11-03

▶

Debian

CVE-2004-1010: zip - Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recurs...↗2004

▶

💬Community

Bugzilla

CVE-2004-1010 security flaw↗2018-08-16

▶