CVE-2008-0888

CWE-119 — Buffer Overflow11 documents9 sources

Severity

9.3CRITICAL

EPSS

19.0%

top 4.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Info-zip Unzip Apple MAC OS X Unzip Project Unzip +2 more

Timeline

PublishedMar 17

Latest updateJun 11

Description

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶CVEListV5info-zip/unzip< 6.0

▶NVDunzip_project/unzip< 6.0

▶Debianunzip< 5.52-11+3

▶NVDapple/mac_os_x< 10.6.3

Also affects: Debian Linux 4.0, Ubuntu Linux 6.06, 6.10, 7.04, 7.10

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-q7mr-xjvc-chw3: The NEEDBITS macro in the inflate_dynamic function in inflate↗2022-05-01

▶

OSV

CVE-2008-0888: The NEEDBITS macro in the inflate_dynamic function in inflate↗2008-03-17

▶

CVEList

CVE-2008-0888: The NEEDBITS macro in the inflate_dynamic function in inflate↗2008-03-17

▶

📋Vendor Advisories

Microsoft

CVE-2008-0888: Mariner: Mariner secalert@redhat↗2024-06-11

▶

Red Hat

cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206↗2008-04-01

▶

Ubuntu

unzip vulnerability↗2008-03-20

▶

Red Hat

unzip: free() called for uninitialized or already freed pointer↗2008-03-17

▶

Debian

CVE-2008-0888: unzip - The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be...↗2008

▶

💬Community

Bugzilla

CVE-2008-1374 cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206↗2008-03-20

▶

Bugzilla

CVE-2008-0888 unzip: free() called for uninitialized or already freed pointer↗2008-02-04

▶