CVE-2014-8141

CWE-787Out-of-bounds WriteCWE-125Out-of-bounds Read11 documents10 sources
Severity
7.8HIGH
EPSS
8.1%
top 7.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Unzip Project UnzipInfo-zip UnzipRedhat Enterprise Linux Desktop+4 more
Timeline
PublishedJan 31
Latest updateMay 17

Description

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5info-zip/unzip6.0 and earlier
Debianunzip< 6.0-13+3

Also affects: Enterprise Linux 6.6, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-3gfx-c6cm-vch8: Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 62022-05-17
OSV
CVE-2014-8141: Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 62020-01-31
CVEList
CVE-2014-8141: Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 62020-01-31

📋Vendor Advisories

5
Microsoft
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unz2020-01-14
Ubuntu
unzip vulnerabilities2015-01-14
Red Hat
unzip: getZip64Data() out-of-bounds read issues (oCERT-2014-011)2014-12-22
Debian
CVE-2014-8141: unzip - Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 an...2014
Apple
CVE-2014-8141: OS X Yosemite v10.10.4 and Security Update 2015-005

💬Community

2
Bugzilla
CVE-2014-8139 CVE-2014-8141 CVE-2014-8140 unzip: various flaws [fedora-all]2015-02-10
Bugzilla
CVE-2014-8141 unzip: getZip64Data() out-of-bounds read issues (oCERT-2014-011)2014-12-16