CVE-2022-0529 — Out-of-bounds Write in Project Unzip

CWE-787 — Out-of-bounds Write9 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 52.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unzip Project Unzip Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedFeb 9

Latest updateOct 13

Description

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debianunzip_project/unzip< 6.0-26+deb11u1+3

▶CVEListV5unzip_project/unzip6.0

▶NVDunzip_project/unzip6.0

Also affects: Debian Linux 10.0, 11.0, Fedora 35, Enterprise Linux 8.0

🔴Vulnerability Details

OSV

unzip vulnerabilities↗2022-10-13

▶

GHSA

GHSA-wj94-fvj2-f29x: A flaw was found in unzip 6↗2022-02-11

▶

OSV

CVE-2022-0529: A flaw was found in Unzip↗2022-02-09

▶

CVEList

CVE-2022-0529: A flaw was found in Unzip↗2022-02-09

▶

📋Vendor Advisories

Ubuntu

unzip vulnerabilities↗2022-10-13

▶

Microsoft

Conversion of a wide string to a local string that leads to a heap of out-of-bound write↗2022-02-08

▶

Red Hat

unzip: Heap out-of-bound writes and reads during conversion of wide string to local string↗2022-01-24

▶

Debian

CVE-2022-0529: unzip - A flaw was found in Unzip. The vulnerability occurs during the conversion of a w...↗2022

▶