CVE-2018-1000033Out-of-bounds Read in Unzip

CWE-125Out-of-bounds ReadCWE-122Heap-based Buffer Overflow7 documents6 sources
Severity
9.1CRITICALNVD
EPSS
0.5%
top 33.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Info-zip Unzip
Timeline
PublishedFeb 9
Latest updateMay 14

Description

An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages1 packages

NVDinfo-zip/unzip6.10c22

🔴Vulnerability Details

2
GHSA
GHSA-9p89-vww3-h8hf: An out-of-bounds read exists in Info-Zip UnZip version 62022-05-14
CVEList
CVE-2018-1000033: An out-of-bounds read exists in Info-Zip UnZip version 62018-02-09

📋Vendor Advisories

2
Red Hat
unzip: Heap-based out-of-bounds access in extract.c:ef_scan_for_stream() possibly causing crash2018-02-07
Debian
CVE-2018-1000033: unzip - An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an at...2018

💬Community

2
Bugzilla
CVE-2018-1000031 CVE-2018-1000032 CVE-2018-1000033 CVE-2018-1000035 unzip: various flaws [fedora-all]2018-02-08
Bugzilla
CVE-2018-1000033 unzip: Heap-based out-of-bounds access in extract.c:ef_scan_for_stream() possibly causing crash2018-01-22
CVE-2018-1000033 — Out-of-bounds Read in Info-zip Unzip | cvebase