CVE-2018-1000034Out-of-bounds Read in Unzip

CWE-125Out-of-bounds ReadCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
9.1CRITICALNVD
EPSS
0.4%
top 40.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Info-zip Unzip
Timeline
PublishedFeb 9
Latest updateMay 14

Description

An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages1 packages

NVDinfo-zip/unzip6.10c22

🔴Vulnerability Details

2
GHSA
GHSA-33v7-x483-jjjx: An out-of-bounds read exists in Info-Zip UnZip version 62022-05-14
CVEList
CVE-2018-1000034: An out-of-bounds read exists in Info-Zip UnZip version 62018-02-09

📋Vendor Advisories

2
Red Hat
unzip: Invalid access in the LZMA compression algorithm2018-02-07
Debian
CVE-2018-1000034: unzip - An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an at...2018

💬Community

1
Bugzilla
CVE-2018-1000034 unzip: Invalid access in the LZMA compression algorithm2018-02-08
CVE-2018-1000034 — Out-of-bounds Read in Info-zip Unzip | cvebase