A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
[
{
"product": "unzip",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
]
seclists.org/fulldisclosure/2022/May/33
seclists.org/fulldisclosure/2022/May/35
seclists.org/fulldisclosure/2022/May/38
bugzilla.redhat.com/show_bug.cgi?id=2051395
github.com/ByteHackr/unzip_poc
lists.debian.org/debian-lts-announce/2022/09/msg00028.html
security.gentoo.org/glsa/202310-17
support.apple.com/kb/HT213255
support.apple.com/kb/HT213256
support.apple.com/kb/HT213257
www.debian.org/security/2022/dsa-5202