Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-4667: Improper Restriction of Operations within the Bounds of a Memory Buffer in Unzip

Severity: 3.7 LOW (NVD)
EPSS: 3.1% (top 13.11%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Dec 31; latest update May 1

Description

Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.

CVSS vector

AV:L/AC:H/C:P/I:P/A:P
Exploitability: 1.9 | Impact: 6.4

Affected Packages (2 packages)

Debian: unzip_project/unzip < 5.52-7+3
NVD: info-zip/unzip, 8 versions +7

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-8h2v-2p8g-f36m: Buffer overflow in UnZip 5 (2022-05-01)
CVEList
CVE-2005-4667: Buffer overflow in UnZip 5 (2006-01-25)
OSV
CVE-2005-4667: Buffer overflow in UnZip 5 (2005-12-31)

💥 Exploits & PoCs (1)

Exploit-DB
Info-ZIP UnZip 5.x - File Name Buffer Overflow (2005-12-19)

📋 Vendor Advisories (3)

Ubuntu
unzip vulnerability (2006-02-15)
Red Hat
security flaw (2005-12-19)
Debian
CVE-2005-4667: unzip - Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to exec... (2005)

💬 Community (7)

Bugzilla
CVE-2005-4667 security flaw (2018-08-16)
Bugzilla
CVE-2005-4667 unzip long filename buffer overflow (2006-03-24)
Bugzilla
CVE-2005-4667 unzip long filename buffer overflow (2006-03-24)
Bugzilla
unzip - CVE-2005-4667 - long file name buffer overflow (2006-02-07)
Bugzilla
CVE-2005-4667 unzip long filename buffer overflow (2006-02-06)