PT-2018-1912 · Info Zip+5 · Info-Zip Unzip+5

Kristýna Streitová

Publicado

2018-09-28

Atualizado

2024-06-15

CVE-2018-18384

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Info-ZIP UnZip version 6.0

Description The issue is caused by a buffer overflow in the list.c file of the Info-ZIP UnZip archiver. This occurs when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, due to a buffer size mismatch, where the size is 10 but should be 12. Exploitation of this issue may allow an attacker to execute arbitrary code.

Recommendations For Info-ZIP UnZip version 6.0, consider applying a patch or update that fixes the buffer size mismatch in the list.c file to prevent the buffer overflow. As a temporary workaround, restrict the use of crafted ZIP archives to minimize the risk of exploitation.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2020-3276

ALT-PU-2020-3281

ALT-PU-2020-3294

AZL-35340

AZL-6942

BDU:2018-01516

BDU:2019-03597

CESA-2019_2159

CVE-2018-18384

OPENSUSE-SU-2019:1117-1

OPENSUSE-SU-2019_1117-1

OPENSUSE-SU-2024:11485-1

RHSA-2019:2159

RHSA-2019_2159

SUSE-SU-2019:0707-1

SUSE-SU-2019:13984-1

SUSE-SU-2019_0707-1

SUSE-SU-2019_13984-1

SUSE-SU-2020:1796-1

SUSE-SU-2020_1796-1

USN-4672-1

Produtos afetados

Alt Linux

Centos

Info-Zip Unzip

Red Hat

Suse

Ubuntu

PT-2018-1912 · Info Zip+5 · Info-Zip Unzip+5

CVE-2018-18384

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 49