Vulnerabilities > CVE-2018-1000031 - Out-of-bounds Write vulnerability in Info-Zip Unzip 6.10C22

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

info-zip

CWE-787

nessus

NVD

Published: 2018-02-09

Updated: 2020-08-24

Summary

A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution.

Vulnerable Configurations

Part	Description	Count
Application	Info-Zip Info ZIP Unzip 6.10C22	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-AB3D1D78F3.NASL
description	Fix CVE-2018-1000035 - heap based buffer overflow when opening Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-03-07
plugin id	107173
published	2018-03-07
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107173
title	Fedora 27 : unzip (2018-ab3d1d78f3)

Packetstorm

data source	https://packetstormsecurity.com/files/download/146292/SA-20180207-0.txt
id	PACKETSTORM:146292
last seen	2018-02-08
published	2018-02-07
reporter	Rene Freingruber
source	https://packetstormsecurity.com/files/146292/InfoZip-UnZip-6.00-6.1c22-Buffer-Overflow.html
title	InfoZip UnZip 6.00 / 6.1c22 Buffer Overflow

References

https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html