CVE-2005-2475 — Race Condition in Unzip

11 documents8 sources
Severity
1.2LOWNVD
EPSS
0.1%
top 76.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unzip Project UnzipInfo-zip Unzip
Timeline
PublishedAug 5
Latest updateMay 3

Description

Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.

CVSS vector

AV:L/AC:H/C:P/I:N/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages2 packages

â–¶Debianunzip_project/unzip< 5.52-4+3
â–¶NVDinfo-zip/unzip5.52

🔴Vulnerability Details

3
GHSA
GHSA-3m3m-6r6c-8m58: Race condition in Unzip 5↗2022-05-03
â–¶
OSV
CVE-2005-2475: Race condition in Unzip 5↗2005-08-05
â–¶
CVEList
CVE-2005-2475: Race condition in Unzip 5↗2005-08-05
â–¶

📋Vendor Advisories

3
Ubuntu
unzip vulnerability↗2005-09-30
â–¶
Red Hat
security flaw↗2005-08-02
â–¶
Debian
CVE-2005-2475: unzip - Race condition in Unzip 5.52 allows local users to modify permissions of arbitra...↗2005
â–¶

💬Community

4
Bugzilla
CVE-2005-2475 security flaw↗2018-08-16
â–¶
Bugzilla
CVE-2005-2475 TOCTOU issue in unzip↗2007-02-19
â–¶
Bugzilla
CVE-2005-2475 TOCTOU issue in unzip↗2007-02-01
â–¶
Bugzilla
CVE-2005-2475 TOCTOU issue in unzip↗2005-08-02
â–¶
CVE-2005-2475 — Race Condition in Info-zip Unzip | cvebase