PT-2018-3009 · Info Zip+3 · Unzip+3

Published: 2018-02-09 · Updated: 2024-06-15 · CVE-2018-1000035

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Info-Zip UnZip versions prior to 6.00

Description

A heap-based buffer overflow issue exists in the processing of password-protected archives, allowing an attacker to perform a denial of service or possibly achieve code execution. The vulnerability can be exploited by a remote attacker to cause a disruption in service.

Recommendations

For versions prior to 6.00, update to version 6.00 or later to resolve the issue. As a temporary workaround, consider avoiding the use of password-protected archives until a patch is available. Restrict access to the archive processing functionality to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3276
ALT-PU-2020-3281
ALT-PU-2020-3294
AZL-35339
AZL-6941
BDU:2019-03340
CVE-2018-1000035
DLA-2082-1
MGASA-2018-0422
OPENSUSE-SU-2018_1914-1
OPENSUSE-SU-2018_3043-1
OPENSUSE-SU-2024:11485-1
SUSE-SU-2018:0465-1
SUSE-SU-2018:1883-1
SUSE-SU-2018:2978-1
SUSE-SU-2018_0465-1
USN-4672-1

Affected Products

Alt Linux
Suse
Ubuntu
Unzip