CVE-2005-4667

2006-01-2521:00:00

CWE-119

mitre

web.nvd.nist.gov

cve-2005-4667

buffer overflow

unzip

arbitrary code execution

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

58.8%

JSON

Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.

Affected configurations

Nvd

Node

info-zipunzipMatch5.2

info-zipunzipMatch5.3

info-zipunzipMatch5.31

info-zipunzipMatch5.32

info-zipunzipMatch5.40

info-zipunzipMatch5.41

info-zipunzipMatch5.42

info-zipunzipMatch5.50

VendorProductVersionCPE
info-zipunzip5.2cpe:2.3:a:info-zip:unzip:5.2:*:*:*:*:*:*:*
info-zipunzip5.3cpe:2.3:a:info-zip:unzip:5.3:*:*:*:*:*:*:*
info-zipunzip5.31cpe:2.3:a:info-zip:unzip:5.31:*:*:*:*:*:*:*
info-zipunzip5.32cpe:2.3:a:info-zip:unzip:5.32:*:*:*:*:*:*:*
info-zipunzip5.40cpe:2.3:a:info-zip:unzip:5.40:*:*:*:*:*:*:*
info-zipunzip5.41cpe:2.3:a:info-zip:unzip:5.41:*:*:*:*:*:*:*
info-zipunzip5.42cpe:2.3:a:info-zip:unzip:5.42:*:*:*:*:*:*:*
info-zipunzip5.50cpe:2.3:a:info-zip:unzip:5.50:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
info-zip	unzip	5.2	cpe:2.3:a:info-zip:unzip:5.2:::::::*
info-zip	unzip	5.3	cpe:2.3:a:info-zip:unzip:5.3:::::::*
info-zip	unzip	5.31	cpe:2.3:a:info-zip:unzip:5.31:::::::*
info-zip	unzip	5.32	cpe:2.3:a:info-zip:unzip:5.32:::::::*
info-zip	unzip	5.40	cpe:2.3:a:info-zip:unzip:5.40:::::::*
info-zip	unzip	5.41	cpe:2.3:a:info-zip:unzip:5.41:::::::*
info-zip	unzip	5.42	cpe:2.3:a:info-zip:unzip:5.42:::::::*
info-zip	unzip	5.50	cpe:2.3:a:info-zip:unzip:5.50:::::::*