Vulnerabilities > CVE-2018-1000035 - Out-of-bounds Write vulnerability in Unzip Project Unzip 5.51/5.52/6.0

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

unzip-project

CWE-787

nessus

NVD

Published: 2018-02-09

Updated: 2020-08-24

Summary

A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.

Vulnerable Configurations

Part	Description	Count
Application	Unzip_Project Unzip Project Unzip 5.51 Unzip Project Unzip 5.52 Unzip Project Unzip 6.0	3

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-2978-1.NASL
description	This update for unzip fixes the following security issues : CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074). CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	117902
published	2018-10-03
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117902
title	SUSE SLED12 / SLES12 Security Update : unzip (SUSE-SU-2018:2978-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:2978-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(117902); script_version("1.3"); script_cvs_date("Date: 2019/09/10 13:51:49"); script_cve_id("CVE-2014-9636", "CVE-2014-9913", "CVE-2015-7696", "CVE-2015-7697", "CVE-2016-9844", "CVE-2018-1000035"); script_bugtraq_id(71825); script_name(english:"SUSE SLED12 / SLES12 Security Update : unzip (SUSE-SU-2018:2978-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for unzip fixes the following security issues : CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074). CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1013992" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1013993" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1080074" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=910683" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=914442" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=950110" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=950111" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9636/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9913/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-7696/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-7697/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9844/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1000035/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20182978-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e66d8fc8" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2117=1 SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2117=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:unzip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:unzip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:unzip-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/06"); script_set_attribute(attribute:"patch_publication_date", value:"2018/10/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12\|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"3", reference:"unzip-6.00-33.8.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"unzip-debuginfo-6.00-33.8.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"unzip-debugsource-6.00-33.8.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"unzip-6.00-33.8.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"unzip-debuginfo-6.00-33.8.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"unzip-debugsource-6.00-33.8.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unzip"); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-2_0-0052.NASL
description	An update of {'unzip'} packages of Photon OS has been released.
last seen	2019-02-08
modified	2019-02-07
plugin id	111306
published	2018-07-24
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=111306
title	Photon OS 2.0 : unzip (PhotonOS-PHSA-2018-2.0-0052) (deprecated)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-2082.NASL
description	An issue has been found in unzip, a de-archiver for .zip files. While processing a password protected archive, a heap-based buffer overflow could happen, that allows an attacker to perform a denial of service or to possibly achieve code execution. For Debian 8
last seen	2020-06-01
modified	2020-06-02
plugin id	133320
published	2020-01-30
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133320
title	Debian DLA-2082-1 : unzip security update

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-3_0-0083_UNZIP.NASL
description	An update of the unzip package has been released.
last seen	2020-05-03
modified	2020-04-29
plugin id	136098
published	2020-04-29
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136098
title	Photon OS 3.0: Unzip PHSA-2020-3.0-0083

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-1124.NASL
description	This update for unzip fixes the following security issues : - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) - CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) - CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074). - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442). This non-security issue was fixed : - Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683) This update was imported from the SUSE:SLE-12:Update update project.
last seen	2020-06-05
modified	2018-10-09
plugin id	117981
published	2018-10-09
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117981
title	openSUSE Security Update : unzip (openSUSE-2018-1124)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2429.NASL
description	According to the versions of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.(CVE-2015-7696) - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.(CVE-2015-7697) - A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.(CVE-2018-1000035) - Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.(CVE-2014-9913) - Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.(CVE-2016-9844) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-08
modified	2019-12-04
plugin id	131583
published	2019-12-04
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131583
title	EulerOS 2.0 SP2 : unzip (EulerOS-SA-2019-2429)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1949.NASL
description	According to the versions of the unzip package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a
last seen	2020-06-01
modified	2020-06-02
plugin id	128952
published	2019-09-17
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128952
title	EulerOS Virtualization for ARM 64 3.0.2.0 : unzip (EulerOS-SA-2019-1949)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-709.NASL
description	This update for unzip fixes the following issues : - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074) This non-security issue was fixed : +- Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683) This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-05
modified	2018-07-09
plugin id	110965
published	2018-07-09
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110965
title	openSUSE Security Update : unzip (openSUSE-2018-709)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-1883-1.NASL
description	This update for unzip fixes the following issues : - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-21
modified	2019-01-02
plugin id	120030
published	2019-01-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120030
title	SUSE SLED15 / SLES15 Security Update : unzip (SUSE-SU-2018:1883-1)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1462.NASL
description	According to the versions of the unzip package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.(CVE-2018-1000035) - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.(CVE-2015-7697) - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.(CVE-2015-7696) - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a
last seen	2020-04-30
modified	2020-04-16
plugin id	135624
published	2020-04-16
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135624
title	EulerOS Virtualization 3.0.2.2 : unzip (EulerOS-SA-2020-1462)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2677.NASL
description	According to the versions of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.(CVE-2018-1000035) - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.(CVE-2015-7696) - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.(CVE-2015-7697) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-08
modified	2019-12-18
plugin id	132212
published	2019-12-18
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132212
title	EulerOS 2.0 SP3 : unzip (EulerOS-SA-2019-2677)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2019-060-01.NASL
description	New infozip packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	122576
published	2019-03-04
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122576
title	Slackware 14.0 / 14.1 / 14.2 / current : infozip (SSA:2019-060-01)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-1_0-0144.NASL
description	An update of {'unzip'} packages of Photon OS has been released.
last seen	2019-02-08
modified	2019-02-07
plugin id	111272
published	2018-07-24
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=111272
title	Photon OS 1.0 : unzip (PhotonOS-PHSA-2018-1.0-0144) (deprecated)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-AB3D1D78F3.NASL
description	Fix CVE-2018-1000035 - heap based buffer overflow when opening Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-03-07
plugin id	107173
published	2018-03-07
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107173
title	Fedora 27 : unzip (2018-ab3d1d78f3)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-509.NASL
description	This update for unzip fixes the following issues : - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074) This non-security issue was fixed : +- Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683) This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	123214
published	2019-03-27
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123214
title	openSUSE Security Update : unzip (openSUSE-2019-509)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-0465-1.NASL
description	This update for unzip fixes the following issues : - CVE-2018-1000035: Fixed a heap-based buffer overflow in password protected ZIP archives (bsc#1080074) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	106898
published	2018-02-20
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/106898
title	SUSE SLES11 Security Update : unzip (SUSE-SU-2018:0465-1)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1880.NASL
description	According to the versions of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.(CVE-2018-1000035) - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a
last seen	2020-06-01
modified	2020-06-02
plugin id	128803
published	2019-09-16
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128803
title	EulerOS 2.0 SP5 : unzip (EulerOS-SA-2019-1880)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-202003-58.NASL
description	The remote host is affected by the vulnerability described in GLSA-202003-58 (UnZip: User-assisted execution of arbitrary code) Multiple vulnerabilities have been discovered in UnZip. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted ZIP archive using UnZip, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-04-01
modified	2020-03-27
plugin id	134966
published	2020-03-27
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134966
title	GLSA-202003-58 : UnZip: User-assisted execution of arbitrary code

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-2_0-0052_UNZIP.NASL
description	An update of the unzip package has been released.
last seen	2020-03-17
modified	2019-02-07
plugin id	121952
published	2019-02-07
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121952
title	Photon OS 2.0: Unzip PHSA-2018-2.0-0052

Packetstorm

data source	https://packetstormsecurity.com/files/download/146292/SA-20180207-0.txt
id	PACKETSTORM:146292
last seen	2018-02-08
published	2018-02-07
reporter	Rene Freingruber
source	https://packetstormsecurity.com/files/146292/InfoZip-UnZip-6.00-6.1c22-Buffer-Overflow.html
title	InfoZip UnZip 6.00 / 6.1c22 Buffer Overflow

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Packetstorm

References