A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2022/May/33 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2022/May/35 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2022/May/38 | Mailing List Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2051395 | Issue Tracking Third Party Advisory |
https://github.com/ByteHackr/unzip_poc | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202310-17 | Third Party Advisory |
https://support.apple.com/kb/HT213255 | Vendor Advisory |
https://support.apple.com/kb/HT213256 | Vendor Advisory |
https://support.apple.com/kb/HT213257 | Vendor Advisory |
https://www.debian.org/security/2022/dsa-5202 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
09 Nov 2023, 20:55
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://security.gentoo.org/glsa/202310-17 - Third Party Advisory |
30 Oct 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2022-02-09 23:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-0530
Mitre link : CVE-2022-0530
CVE.ORG link : CVE-2022-0530
JSON object : View
Products Affected
debian
- debian_linux
redhat
- enterprise_linux
apple
- mac_os_x
- macos
unzip_project
- unzip
fedoraproject
- fedora
CWE