Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
Max CVSS
2.1
EPSS Score
0.07%
Published
2001-07-12
Updated
2010-05-25
Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.
Max CVSS
2.1
EPSS Score
0.07%
Published
2001-07-12
Updated
2010-05-25
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.
Max CVSS
2.6
EPSS Score
0.18%
Published
2003-06-16
Updated
2017-10-11
Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.
Max CVSS
10.0
EPSS Score
17.50%
Published
2005-03-01
Updated
2018-10-03
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
Max CVSS
6.2
EPSS Score
0.04%
Published
2005-05-02
Updated
2016-10-18
Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.
Max CVSS
1.2
EPSS Score
0.06%
Published
2005-08-05
Updated
2017-10-11
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
Max CVSS
3.7
EPSS Score
0.21%
Published
2005-12-31
Updated
2018-10-19
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
Max CVSS
9.3
EPSS Score
7.19%
Published
2008-03-17
Updated
2018-10-15
Wiz 5.0.3 has a user mode write access violation
Max CVSS
7.5
EPSS Score
0.19%
Published
2020-01-27
Updated
2020-01-31
Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.
Max CVSS
7.5
EPSS Score
6.33%
Published
2015-02-23
Updated
2015-02-24
A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution.
Max CVSS
7.8
EPSS Score
0.13%
Published
2018-02-09
Updated
2020-08-24
A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution.
Max CVSS
7.8
EPSS Score
0.13%
Published
2018-02-09
Updated
2020-08-24
An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.
Max CVSS
9.1
EPSS Score
0.15%
Published
2018-02-09
Updated
2018-02-26
An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.
Max CVSS
9.1
EPSS Score
0.22%
Published
2018-02-09
Updated
2018-02-26
14 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!