CVE-2019-13232

CWE-400 — Uncontrolled Resource Consumption10 documents9 sources

Severity

3.3LOW

EPSS

0.0%

top 85.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Unzip Project Unzip

Timeline

PublishedJul 4

Latest updateMay 24

Description

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶Debianunzip< 6.0-24+3

▶NVDunzip_project/unzip6.0

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-8vm7-647w-p9g4: Info-ZIP UnZip 6↗2022-05-24

▶

CVEList

CVE-2019-13232: Info-ZIP UnZip 6↗2019-07-04

▶

OSV

CVE-2019-13232: Info-ZIP UnZip 6↗2019-07-04

▶

📋Vendor Advisories

Ubuntu

unzip vulnerabilities↗2020-12-16

▶

Microsoft

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container leading to denial of service (resource consumption) aka a "better zip bomb" issue.↗2019-07-09

▶

Red Hat

unzip: overlapping of files in ZIP container leads to denial of service↗2019-07-02

▶

Debian

CVE-2019-13232: unzip - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, l...↗2019

▶

💬Community

Bugzilla

CVE-2019-13232 unzip: overlapping of files in ZIP container leads to denial of service [fedora-all]↗2019-07-08

▶

Bugzilla

CVE-2019-13232 unzip: overlapping of files in ZIP container leads to denial of service↗2019-07-08

▶