Vulnerabilities > Unzip Project

DATE CVE VULNERABILITY TITLE RISK
2022-12-27 CVE-2020-36561 Path Traversal vulnerability in Unzip Project Unzip
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
network
low complexity
unzip-project CWE-22
critical
9.1
2022-08-24 CVE-2021-4217 NULL Pointer Dereference vulnerability in multiple products
A flaw was found in unzip.
local
low complexity
unzip-project fedoraproject redhat CWE-476
3.3
2022-02-09 CVE-2022-0529 Out-of-bounds Write vulnerability in multiple products
A flaw was found in Unzip.
5.5
2022-02-09 CVE-2022-0530 A flaw was found in Unzip. 5.5
2020-01-31 CVE-2014-8141 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
local
low complexity
unzip-project redhat CWE-787
7.8
2020-01-31 CVE-2014-8140 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
local
low complexity
unzip-project redhat CWE-787
7.8
2020-01-31 CVE-2014-8139 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
local
low complexity
unzip-project redhat CWE-787
7.8
2019-07-04 CVE-2019-13232 Resource Exhaustion vulnerability in multiple products
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
local
low complexity
unzip-project debian CWE-400
3.3
2018-10-16 CVE-2018-18384 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unzip Project Unzip 6.0
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
local
low complexity
unzip-project CWE-119
5.5
2018-02-09 CVE-2018-1000035 Out-of-bounds Write vulnerability in Unzip Project Unzip
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
local
low complexity
unzip-project CWE-787
7.8