cbcvebase.
CVE-2018-1000035
published 2018-02-09

CVE-2018-1000035: A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a…

high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.

Affected

27 ranges· showing 25
VendorProductVersion rangeFixed in
debianunzip< unzip 6.0-22 (bookworm)unzip 6.0-22 (bookworm)
msrcazl3_unzip_6.0-20_on_azure_linux_3.0
msrcazl3_unzip_6.0-22_on_azure_linux_3.0
msrccbl2_unzip_6.0-19_on_cbl_mariner_2.0
msrccbl_mariner_1.0_arm
msrccbl_mariner_1.0_x64
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64
msrccm1_unzip_6.0-16_on_cbl_mariner_1.0
msrcunzip-6.0-16.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm
msrcunzip-6.0-16.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64
msrcunzip-6.0-19.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm
msrcunzip-6.0-19.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64
msrcunzip-6.0-20.azl3.aarch64.rpm_on_azure_linux_3.0_arm
msrcunzip-6.0-20.azl3.x86_64.rpm_on_azure_linux_3.0_x64
msrcunzip-debuginfo-6.0-16.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm
msrcunzip-debuginfo-6.0-16.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64
msrcunzip-debuginfo-6.0-19.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm
msrcunzip-debuginfo-6.0-19.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64
unzip_projectunzip<= 6.00
unzip_projectunzip>= 0 < 6.0-226.0-22
unzip_projectunzip>= 0 < 6.0-226.0-22
unzip_projectunzip>= 0 < 6.0-226.0-22
unzip_projectunzip>= 0 < 6.0-226.0-22
unzip_projectunzip>= 0 < 6.0-20ubuntu1.16.0-20ubuntu1.1

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH