PT-2022-6172 · Unzip+6
Sandipan Roy · Published 2022-02-09 · Updated 2024-10-16 · CVE-2022-0530
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Unzip version 6.0
Description
A flaw was found in Unzip in the conversion of a wide string to a local string, which leads to a heap out-of-bounds write. An attacker can supply a specially crafted zip file to trigger the flaw, resulting in a crash or code execution. A remote attacker can exploit the vulnerability to cause a denial of service using a specially crafted zip file.
Recommendations
For Unzip version 6.0, update to a newer version that contains a fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Apple Macos
Suse
Ubuntu
Unzip