cbcvebase.
CVE-2019-13232
published 2019-07-04

CVE-2019-13232: Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb"…

low3.3CVSS 3.1
AVLACLPRLUINSUCNINAL
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.

Affected

28 ranges· showing 25
VendorProductVersion rangeFixed in
debiandebian_linux
debianunzip< unzip 6.0-24 (bookworm)unzip 6.0-24 (bookworm)
msrcazl3_unzip_6.0-20_on_azure_linux_3.0
msrcazl3_unzip_6.0-22_on_azure_linux_3.0
msrccbl2_unzip_6.0-19_on_cbl_mariner_2.0
msrccbl_mariner_1.0_arm
msrccbl_mariner_1.0_x64
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64
msrccm1_unzip_6.0-18_on_cbl_mariner_1.0
msrcunzip-6.0-18.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm
msrcunzip-6.0-18.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64
msrcunzip-6.0-19.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm
msrcunzip-6.0-19.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64
msrcunzip-6.0-20.azl3.aarch64.rpm_on_azure_linux_3.0_arm
msrcunzip-6.0-20.azl3.x86_64.rpm_on_azure_linux_3.0_x64
msrcunzip-debuginfo-6.0-18.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm
msrcunzip-debuginfo-6.0-18.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64
msrcunzip-debuginfo-6.0-19.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm
msrcunzip-debuginfo-6.0-19.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64
unzip_projectunzip
unzip_projectunzip>= 0 < 6.0-246.0-24
unzip_projectunzip>= 0 < 6.0-246.0-24
unzip_projectunzip>= 0 < 6.0-246.0-24
unzip_projectunzip>= 0 < 6.0-246.0-24

CVSS provenance

nvdv3.13.3LOWCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
osv4.0MEDIUM