PT-2022-6171 · Unzip+5 · Unzip+5

Sandipan Roy

Published

2022-02-07

Updated

2024-10-16

CVE-2022-0529

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Unzip (affected versions not specified)

Description A flaw in Unzip allows an attacker to input a specially crafted zip file, leading to a crash or code execution. The issue occurs during the conversion of a wide string to a local string, resulting in a heap out-of-bound write. This can be exploited by a remote attacker to cause a denial of service using the specially crafted zip file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2024-13675

ALT-PU-2024-13679

ALT-PU-2024-13944

AZL-35343

AZL-8532

BDU:2023-00293

CVE-2022-0529

DLA-3118-1

DSA-5202-1

MGASA-2022-0371

OESA-2022-1548

OPENSUSE-SU-2022_3399-1

OPENSUSE-SU-2024:12357-1

SUSE-SU-2022:3386-1

SUSE-SU-2022:3399-1

SUSE-SU-2022_3386-1

SUSE-SU-2022_3399-1

USN-5673-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Suse

Ubuntu

Unzip

PT-2022-6171 · Unzip+5 · Unzip+5

CVE-2022-0529

Weakness Enumeration

Related Identifiers

Affected Products

References · 52