CVE-2008-0888: The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial…

critical9.3CVSS 3.1

AVNACMAuNCCICAC

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

Affected

31 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	mac_os_x	< 10.6.3	10.6.3
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	unzip	< unzip 5.52-11 (bookworm)	unzip 5.52-11 (bookworm)
info-zip	unzip	< 6.0	6.0
msrc	cbl_mariner_1.0_arm	—	—
msrc	cbl_mariner_1.0_x64	—	—
msrc	cbl_mariner_2.0_arm	—	—
msrc	cbl_mariner_2.0_x64	—	—
msrc	unzip-6.0-16.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm	—	—
msrc	unzip-6.0-16.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64	—	—
msrc	unzip-6.0-19.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm	—	—
msrc	unzip-6.0-19.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64	—	—
msrc	unzip-6.0-20.azl3.aarch64.rpm_on_azure_linux_3.0_arm	—	—
msrc	unzip-6.0-20.azl3.x86_64.rpm_on_azure_linux_3.0_x64	—	—
msrc	unzip-debuginfo-6.0-16.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm	—	—
msrc	unzip-debuginfo-6.0-16.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64	—	—
msrc	unzip-debuginfo-6.0-19.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm	—	—
msrc	unzip-debuginfo-6.0-19.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64	—	—
unzip_project	unzip	< 6.0	6.0
unzip_project	unzip	>= 0 < 5.52-11	5.52-11
unzip_project	unzip	>= 0 < 5.52-11	5.52-11

CVSS provenance

nvd9.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C

osv9.3CRITICAL