CVE-2018-1000035: Out-of-bounds Write in Project Unzip

Severity: 7.8 HIGH (NVD); OSV: 4.0
EPSS: 62.7% (top 1.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 9
Latest update: May 13

Description

A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

Debian: unzip_project/unzip < 6.0-22 (+3)
Ubuntu: unzip_project/unzip < 6.0-20ubuntu1.1 (+2)

🔴 Vulnerability Details (4)

GHSA: GHSA-v5xf-cfj4-rv57: A heap-based buffer overflow exists in Info-Zip UnZip version <= 6 (2022-05-13)
OSV: unzip vulnerabilities (2020-12-16)
CVEList: CVE-2018-1000035: A heap-based buffer overflow exists in Info-Zip UnZip version <= 6 (2018-02-09)
OSV: CVE-2018-1000035: A heap-based buffer overflow exists in Info-Zip UnZip version <= 6 (2018-02-09)

📋 Vendor Advisories (4)

Ubuntu: unzip vulnerabilities (2020-12-16)
Microsoft: A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve cod (2018-02-13)
Red Hat: unzip: Heap-based buffer overflow in fileio.c:UzpPassword function allows code execution (2018-02-07)
Debian: CVE-2018-1000035: unzip - A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the pro... (2018)

💬 Community (2)

Bugzilla: CVE-2018-1000031 CVE-2018-1000032 CVE-2018-1000033 CVE-2018-1000035 unzip: various flaws [fedora-all] (2018-02-08)
Bugzilla: CVE-2018-1000035 unzip: Heap-based buffer overflow in fileio.c:UzpPassword function allows code execution (2018-01-22)