← Back

CVE-2008-0888

nvd nist
Published: Mar 17, 2008Modified: May 1, 2025

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

Affected (7)

Products: Canonical: Ubuntu Linux · Apple: Mac Os X · Debian: Debian Linux · +1 more
Show all products
Canonical: Ubuntu Linux · Apple: Mac Os X · Debian: Debian Linux · Unzip Project: Unzip
Canonical
1 product
Ubuntu Linux
Apple
1 product
Mac Os X
Debian
1 product
Debian Linux
Unzip Project
1 product
Unzip
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 6.06
Ubuntu Linux
Version 6.10
Ubuntu Linux
Version 7.04
Ubuntu Linux
Version 7.10
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Mac Os X
Before 10.6.3
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 4.0
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Unzip
Before 6.0

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (62)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Broken LinkVendor Advisory
Source: secalert@redhat.com
Broken LinkVendor Advisory
Source: secalert@redhat.com
Broken LinkVendor Advisory
Source: secalert@redhat.com
Broken LinkVendor Advisory
Source: secalert@redhat.com
Broken LinkVendor Advisory
Source: secalert@redhat.com
Broken LinkVendor Advisory
Source: secalert@redhat.com
Broken LinkVendor Advisory
Source: secalert@redhat.com
Broken LinkVendor Advisory
Source: secalert@redhat.com
Broken LinkPatchVendor Advisory
Source: secalert@redhat.com
Broken LinkVendor Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Not Applicable
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Broken LinkVendor Advisory
Source: secalert@redhat.com
Broken LinkVendor Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link

Timeline

No history available yet.