CVE-2018-1000032Out-of-bounds Write in Unzip

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow7 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.5%
top 33.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Info-zip Unzip
Timeline
PublishedFeb 9
Latest updateMay 13

Description

A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDinfo-zip/unzip6.10c22

🔴Vulnerability Details

2
GHSA
GHSA-36cx-5cjr-mj26: A heap-based buffer overflow exists in Info-Zip UnZip version 62022-05-13
CVEList
CVE-2018-1000032: A heap-based buffer overflow exists in Info-Zip UnZip version 62018-02-09

📋Vendor Advisories

2
Red Hat
unzip: Heap-based buffer overflow in charset_to_intern()2018-02-07
Debian
CVE-2018-1000032: unzip - A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allow...2018

💬Community

2
Bugzilla
CVE-2018-1000031 CVE-2018-1000032 CVE-2018-1000033 CVE-2018-1000035 unzip: various flaws [fedora-all]2018-02-08
Bugzilla
CVE-2018-1000032 unzip: Heap-based buffer overflow in charset_to_intern()2018-01-22
CVE-2018-1000032 — Out-of-bounds Write in Unzip | cvebase