cbcvebase.
CVE-2016-9844
published 2017-01-18

CVE-2016-9844: Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large…

medium4CVSS 3.0
AVLACLPRNUINSUCNINAL
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.

Affected

27 ranges· showing 25
VendorProductVersion rangeFixed in
debianunzip< unzip 6.0-21 (bookworm)unzip 6.0-21 (bookworm)
msrcazl3_unzip_6.0-20_on_azure_linux_3.0
msrcazl3_unzip_6.0-22_on_azure_linux_3.0
msrccbl2_unzip_6.0-19_on_cbl_mariner_2.0
msrccbl_mariner_1.0_arm
msrccbl_mariner_1.0_x64
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64
msrccm1_unzip_6.0-15_on_cbl_mariner_1.0
msrcunzip-6.0-15.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm
msrcunzip-6.0-15.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64
msrcunzip-6.0-19.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm
msrcunzip-6.0-19.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64
msrcunzip-6.0-20.azl3.aarch64.rpm_on_azure_linux_3.0_arm
msrcunzip-6.0-20.azl3.x86_64.rpm_on_azure_linux_3.0_x64
msrcunzip-debuginfo-6.0-15.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm
msrcunzip-debuginfo-6.0-15.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64
msrcunzip-debuginfo-6.0-19.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm
msrcunzip-debuginfo-6.0-19.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64
unzip_projectunzip
unzip_projectunzip>= 0 < 6.0-216.0-21
unzip_projectunzip>= 0 < 6.0-216.0-21
unzip_projectunzip>= 0 < 6.0-216.0-21
unzip_projectunzip>= 0 < 6.0-216.0-21
unzip_projectunzip>= 0 < 6.0-20ubuntu1.16.0-20ubuntu1.1

CVSS provenance

nvdv3.04.0MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
osv4.0MEDIUM