cbcvebase.
CVE-2014-8139
published 2020-01-31

CVE-2014-8139: Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file…

high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

Affected

49 ranges· showing 25
VendorProductVersion rangeFixed in
appleos_x_yosemite_v10.10.4_and_security_update_2015-005
debianunzip< unzip 6.0-16 (bookworm)unzip 6.0-16 (bookworm)
etjarchive_unzip_burst0.01 – 0.09
msrcazl3_unzip_6.0-20_on_azure_linux_3.0
msrcazl3_unzip_6.0-22_on_azure_linux_3.0
msrccbl2_unzip_6.0-19_on_cbl_mariner_2.0
msrccbl_mariner_1.0_arm
msrccbl_mariner_1.0_x64
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64
msrccm1_unzip_6.0-16_on_cbl_mariner_1.0
msrcunzip-6.0-16.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm
msrcunzip-6.0-16.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64
msrcunzip-6.0-19.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm
msrcunzip-6.0-19.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64
msrcunzip-6.0-20.azl3.aarch64.rpm_on_azure_linux_3.0_arm
msrcunzip-6.0-20.azl3.x86_64.rpm_on_azure_linux_3.0_x64
msrcunzip-debuginfo-6.0-16.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm
msrcunzip-debuginfo-6.0-16.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64
msrcunzip-debuginfo-6.0-19.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm
msrcunzip-debuginfo-6.0-19.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64
redhatenterprise_linux_desktop
redhatenterprise_linux_desktop
redhatenterprise_linux_server
redhatenterprise_linux_server

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH