CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2018-13410
https://notcve.org/view.php?id=CVE-2018-13410
06 Jul 2018 — Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands ** EN DISPUTA ** Info-ZIP Zip 3.0, cuando se emplean las opciones de la línea de comandos -T y -TT, perm... • https://github.com/shinecome/zip • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000031 – InfoZip UnZip 6.00 / 6.1c22 Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-1000031
07 Feb 2018 — A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. Existe un desbordamiento de búfer basado en memoria dinámica (heap) en InfoZip UnZip 6.10c22 que permite que un atacante realice una denegación de servicio (DoS) o que pueda lograr la ejecución de código. InfoZip UnZip versions 6.00 and below and 6.1c22 and below suffer from multiple buffer overflow vulnerabilities. • https://packetstorm.news/files/id/146292 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000032 – InfoZip UnZip 6.00 / 6.1c22 Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-1000032
07 Feb 2018 — A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. Existe un desbordamiento de búfer basado en memoria dinámica (heap) en InfoZip UnZip 6.10c22 que permite que un atacante realice una denegación de servicio (DoS) o que pueda lograr la ejecución de código. InfoZip UnZip versions 6.00 and below and 6.1c22 and below suffer from multiple buffer overflow vulnerabilities. • https://packetstorm.news/files/id/146292 • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000033 – InfoZip UnZip 6.00 / 6.1c22 Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-1000033
07 Feb 2018 — An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. Existe una lectura fuera de límites en InfoZip UnZip 6.10c22 que permite que un atacante realice una denegación de servicio (DoS) y lea memoria sensible. InfoZip UnZip versions 6.00 and below and 6.1c22 and below suffer from multiple buffer overflow vulnerabilities. • https://packetstorm.news/files/id/146292 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000034 – InfoZip UnZip 6.00 / 6.1c22 Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-1000034
07 Feb 2018 — An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. Existe una lectura fuera de límites en InfoZip UnZip 6.10c22 que permite que un atacante realice una denegación de servicio (DoS) y lea memoria sensible. InfoZip UnZip versions 6.00 and below and 6.1c22 and below suffer from multiple buffer overflow vulnerabilities. • https://packetstorm.news/files/id/146292 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 13%CPEs: 4EXPL: 0CVE-2015-1315 – Ubuntu Security Notice USN-2502-1
https://notcve.org/view.php?id=CVE-2015-1315
17 Feb 2015 — Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. Desbordamiento de buffer en la función charset_to_intern en unix/unix.c en Info-Zip UnZip 6.10b permite a atacantes remotos ejecutar código arbitrario a través de una cadena manipulada, tal y como fue demostrado mediante la conversión de una cadena de CP866 a UTF-8. William Robinet discover... • http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2013-5659 – Wiz 5.0.3 User Mode Write Access Violation
https://notcve.org/view.php?id=CVE-2013-5659
02 Sep 2013 — Wiz 5.0.3 has a user mode write access violation Wiz versión 5.0.3, presenta una violación de acceso de un user mode write. Wiz version 5.0.3 suffers from a user mode write access violation vulnerability. • http://realpentesting.blogspot.com/p/realpentesting-advisory-title-user-mode.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2008-0888 – unzip: free() called for uninitialized or already freed pointer
https://notcve.org/view.php?id=CVE-2008-0888
17 Mar 2008 — The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data. La macro NEEDBITS en la función inflate_dynamic en el archivo inflate.c para unzip puede ser invocada usando búferes no válidos, lo que permite a los atacantes remotos causar una denegación de servicio (bloqueo) y ... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 8EXPL: 3CVE-2005-4667 – Info-ZIP UnZip 5.x - File Name Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-4667
31 Dec 2005 — Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs. • https://www.exploit-db.com/exploits/26913 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2475
https://notcve.org/view.php?id=CVE-2005-2475
05 Aug 2005 — Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete. Race condition en Unzip 5.52 permite que usuarios locales modifiquen permisos de ficheros arbitrarios mediante un ataque a un fichero que se esté descomprimiendo (cuyos permisos serán cambiados por Unzip después de que la descompresión se complete). • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.39/SCOSA-2005.39.txt •