Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2014-9636
HistoryFeb 06, 2015 - 3:59 p.m.

CVE-2014-9636

2015-02-0615:59:06
CWE-119
[email protected]
web.nvd.nist.gov
96
cve
2014
9636
remote code execution
denial of service
out-of-bounds read
zip archive

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7.3

Confidence

High

EPSS

0.259

Percentile

96.7%

JSON

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

Affected configurations

NVD
Node
unzip_projectunzipMatch6.0
Node
canonicalubuntu_linuxMatch10.04lts
OR
canonicalubuntu_linuxMatch12.04lts
OR
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch14.10
Node
debiandebian_linuxMatch7.0
Node
fedoraprojectfedoraMatch20
OR
fedoraprojectfedoraMatch21
VendorProductVersionCPE
unzip_projectunzip6.0cpe:/a:unzip_project:unzip:6.0:::

Related

cbl_mariner 3
openvas 19
nessus 26
alpinelinux 1
checkpoint_advisories 1
fedora 4
nvd 1
archlinux 1
prion 1
freebsd 1
debiancve 1
ubuntucve 1
cvelist 1
ubuntu 1
debian 3
suse 2
osv 1
securityvulns 2
ibm 7
veracode 1
centos 1
amazon 1
gentoo 1
oraclelinux 1
redhat 1
cbl_mariner
cbl_mariner
CVE-2014-9636 affecting package unzip for versions less than 6.0-19
2022-04-09 06:51:51
CVE-2014-9636 affecting package unzip for versions less than 6.0-20
2024-03-19 17:21:46
CVE-2014-9636 affecting package unzip 6.0-19
2020-10-08 18:09:51
openvas
openvas
Ubuntu: Security Advisory (USN-2489-1)
2022-08-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0355-1)
2021-04-19 00:00:00
Fedora Update for unzip FEDORA-2015-1267
2015-01-31 00:00:00
nessus
nessus
Fedora 21 : unzip-6.0-18.fc21 (2015-1189)
2015-01-29 00:00:00
SUSE SLED12 / SLES12 Security Update : unzip (SUSE-SU-2015:0355-1)
2015-05-20 00:00:00
Fedora 20 : unzip-6.0-15.fc20 (2015-1267)
2015-01-30 00:00:00
alpinelinux
alpinelinux
CVE-2014-9636
2015-02-06 15:59:06
checkpoint_advisories
checkpoint_advisories
Unzip Extra Field Uncompressed Size Buffer Overflow (CVE-2014-9636)
2015-04-20 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: unzip-6.0-18.fc21
2015-01-28 19:58:39
[SECURITY] Fedora 20 Update: unzip-6.0-15.fc20
2015-01-30 04:35:06
[SECURITY] Fedora 20 Update: unzip-6.0-17.fc20
2015-02-23 23:25:28
nvd
nvd
CVE-2014-9636
2015-02-06 15:59:06
archlinux
archlinux
unzip: arbitrary code execution
2015-03-15 00:00:00
prion
prion
Out-of-bounds
2015-02-06 15:59:00
freebsd
freebsd
unzip -- out of boundary access issues in test_compr_eb
2014-11-02 00:00:00
debiancve
debiancve
CVE-2014-9636
2015-02-06 15:59:06
ubuntucve
ubuntucve
CVE-2014-9636
2014-12-31 00:00:00
cvelist
cvelist
CVE-2014-9636
2015-02-06 15:00:00
ubuntu
ubuntu
unzip vulnerability
2015-02-03 00:00:00
debian
debian
[SECURITY] [DLA 150-1] unzip security update
2015-02-07 13:51:00
[SECURITY] [DSA 3152-1] unzip security update
2015-02-03 15:04:37
[SECURITY] [DSA 3152-1] unzip security update
2015-02-03 15:04:37
suse
suse
Security update for unzip (moderate)
2018-07-07 03:08:17
Security update for unzip (moderate)
2018-10-05 21:18:21
osv
osv
unzip - security update
2015-02-07 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3152-1] unzip security update
2015-02-11 00:00:00
UnZip multiple security vulnerabilities
2015-02-22 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in unzip affect IBM Security Network Intrusion Prevention System (CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, and CVE-2014-9636 )
2022-02-23 19:48:26
Security Bulletin: Vulnerabilities in unzip affect IBM Security Network Protection (CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, and CVE-2014-9636 )
2018-06-16 21:25:44
Security Bulletin: Vulnerabilities in unzip affect Power Hardware Management Console (CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 CVE-2014-9636)
2021-09-23 01:31:39
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:17:42
centos
centos
unzip security update
2015-03-18 18:53:06
amazon
amazon
Medium: unzip
2015-04-15 21:48:00
gentoo
gentoo
UnZip: Multiple vulnerabilities
2016-11-01 00:00:00
oraclelinux
oraclelinux
unzip security update
2015-03-18 00:00:00
redhat
redhat
(RHSA-2015:0700) Moderate: unzip security update
2015-03-18 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7.3

Confidence

High

EPSS

0.259

Percentile

96.7%

JSON
Related for CVE-2014-9636
cbl_mariner3openvas19nessus26alpinelinux1checkpoint_advisories1fedora4nvd1archlinux1prion1freebsd1debiancve1ubuntucve1cvelist1ubuntu1debian3suse2osv1securityvulns2ibm7veracode1centos1amazon1gentoo1oraclelinux1redhat1