CVE-2018-18384

Published: Oct 16, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.

Affected (1)

Products: Unzip Project: Unzip

Unzip Project

1 product

Unzip

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Unzip Project Unzip	Version 6.0

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (8)

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html

Source: cve@mitre.org

https://access.redhat.com/errata/RHSA-2019:2159

Source: cve@mitre.org

https://bugzilla.suse.com/show_bug.cgi?id=1110194

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://sourceforge.net/p/infozip/bugs/53/

Source: cve@mitre.org

PatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00009.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2019:2159

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.suse.com/show_bug.cgi?id=1110194

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://sourceforge.net/p/infozip/bugs/53/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.