CVE-2014-9636Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Unzip

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-20Improper Input ValidationCWE-122Heap-based Buffer Overflow10 documents9 sources
Severity
5.0MEDIUMNVD
EPSS
58.4%
top 1.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Unzip Project UnzipCanonical Ubuntu LinuxDebian Linux+1 more
Timeline
PublishedFeb 6
Latest updateJun 11

Description

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debianunzip_project/unzip< 6.0-15+3

Also affects: Debian Linux 7.0, Fedora 20, 21, Ubuntu Linux 10.04, 12.04, 14.04, 14.10

Patches

Patch: www.info-zip.orgPatch: www.info-zip.org

🔴Vulnerability Details

3
GHSA
GHSA-9gph-v8wv-c92v: unzip 62022-05-13
CVEList
CVE-2014-9636: unzip 62015-02-06
OSV
CVE-2014-9636: unzip 62015-02-06

📋Vendor Advisories

4
Microsoft
CVE-2014-9636: Mariner: Mariner cve@mitre2024-06-11
Ubuntu
unzip vulnerability2015-02-03
Red Hat
unzip: out-of-bounds read/write in test_compr_eb() in extract.c2014-11-02
Debian
CVE-2014-9636: unzip - unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds re...2014

💬Community

2
Bugzilla
CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c [fedora-all]2015-01-22
Bugzilla
CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c2015-01-22
CVE-2014-9636 — Unzip Project Unzip vulnerability | cvebase