cbcvebase.
CVE-2018-18384
published 2018-10-16

CVE-2018-18384: Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size…

medium5.5CVSS 3.0
AVLACLPRNUIRSUCNINAH
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.

Affected

27 ranges· showing 25
VendorProductVersion rangeFixed in
debianunzip< unzip 6.0-11 (bookworm)unzip 6.0-11 (bookworm)
msrcazl3_unzip_6.0-20_on_azure_linux_3.0
msrcazl3_unzip_6.0-22_on_azure_linux_3.0
msrccbl2_unzip_6.0-19_on_cbl_mariner_2.0
msrccbl_mariner_1.0_arm
msrccbl_mariner_1.0_x64
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64
msrccm1_unzip_6.0-15_on_cbl_mariner_1.0
msrcunzip-6.0-15.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm
msrcunzip-6.0-15.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64
msrcunzip-6.0-19.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm
msrcunzip-6.0-19.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64
msrcunzip-6.0-20.azl3.aarch64.rpm_on_azure_linux_3.0_arm
msrcunzip-6.0-20.azl3.x86_64.rpm_on_azure_linux_3.0_x64
msrcunzip-debuginfo-6.0-15.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm
msrcunzip-debuginfo-6.0-15.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64
msrcunzip-debuginfo-6.0-19.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm
msrcunzip-debuginfo-6.0-19.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64
unzip_projectunzip
unzip_projectunzip>= 0 < 6.0-116.0-11
unzip_projectunzip>= 0 < 6.0-116.0-11
unzip_projectunzip>= 0 < 6.0-116.0-11
unzip_projectunzip>= 0 < 6.0-116.0-11
unzip_projectunzip>= 0 < 6.0-20ubuntu1.16.0-20ubuntu1.1

CVSS provenance

nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv5.5MEDIUM