Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-202003-58
HistoryMar 26, 2020 - 12:00 a.m.

UnZip: User-assisted execution of arbitrary code

2020-03-2600:00:00
Gentoo Foundation
security.gentoo.org
60

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

8

Confidence

Low

EPSS

0.012

Percentile

85.2%

JSON

Background

Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP compressed files.

Description

Multiple vulnerabilities have been discovered in UnZip. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted ZIP archive using UnZip, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All UnZip users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-arch/unzip-6.0_p25"
OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-arch/unzip< 6.0_p25UNKNOWN

Related

nessus 55
openvas 20
prion 2
veracode 2
redhat 5
debiancve 2
checkpoint_advisories 1
cbl_mariner 6
osv 6
fedora 1
ubuntucve 2
cloudfoundry 1
cve 2
nvd 2
redhatcve 2
ubuntu 1
photon 12
debian 3
alpinelinux 2
cvelist 2
almalinux 1
oraclelinux 2
amazon 2
mageia 2
centos 1
ibm 4
f5 1
suse 2
rosalinux 1
packetstorm 1
slackware 1
zdt 1
nessus
nessus
EulerOS 2.0 SP5 : unzip (EulerOS-SA-2019-1880)
2019-09-16 00:00:00
EulerOS Virtualization for ARM 64 3.0.2.0 : unzip (EulerOS-SA-2019-1949)
2019-09-17 00:00:00
GLSA-202003-58 : UnZip: User-assisted execution of arbitrary code
2020-03-27 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2019-1949)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2020-1462)
2020-04-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0465-1)
2021-06-09 00:00:00
prion
prion
Design/Logic Flaw
2019-07-04 13:15:00
Heap overflow
2018-02-09 23:29:00
veracode
veracode
Denial Of Service (DoS)
2020-04-01 00:38:39
Denial Of Service(DoS)
2020-12-17 06:43:42
redhat
redhat
(RHSA-2020:1787) Low: unzip security update
2020-04-28 09:16:24
(RHSA-2020:2486) Low: unzip security update
2020-06-10 15:00:54
(RHSA-2020:1181) Low: unzip security update
2020-03-31 09:29:08
debiancve
debiancve
CVE-2019-13232
2019-07-04 13:15:10
CVE-2018-1000035
2018-02-09 23:29:01
checkpoint_advisories
checkpoint_advisories
InfoZip UnZip Buffer Overflow (CVE-2018-1000035)
2022-09-18 00:00:00
cbl_mariner
cbl_mariner
CVE-2018-1000035 affecting package unzip 6.0-19
2020-10-08 18:09:51
CVE-2018-1000035 affecting package unzip for versions less than 6.0-20
2024-03-19 17:21:46
CVE-2018-1000035 affecting package unzip for versions less than 6.0-19
2022-04-09 06:51:51
osv
osv
unzip - security update
2020-01-28 00:00:00
CVE-2018-1000035
2018-02-09 23:29:01
unzip vulnerabilities
2020-12-16 17:27:07
fedora
fedora
[SECURITY] Fedora 27 Update: unzip-6.0-37.fc27
2018-03-06 17:36:06
ubuntucve
ubuntucve
CVE-2018-1000035
2018-02-09 00:00:00
CVE-2019-13232
2019-07-04 00:00:00
cloudfoundry
cloudfoundry
USN-4672-1: unzip vulnerabilities | Cloud Foundry
2021-02-10 00:00:00
cve
cve
CVE-2018-1000035
2018-02-09 23:29:01
CVE-2019-13232
2019-07-04 13:15:10
nvd
nvd
CVE-2018-1000035
2018-02-09 23:29:01
CVE-2019-13232
2019-07-04 13:15:10
redhatcve
redhatcve
CVE-2018-1000035
2018-02-08 09:19:14
CVE-2019-13232
2019-07-08 06:51:23
ubuntu
ubuntu
unzip vulnerabilities
2020-12-16 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0052
2018-06-01 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0144
2018-06-01 00:00:00
Important Photon OS Security Update - PHSA-2018-0052
2018-06-01 00:00:00
debian
debian
[SECURITY] [DLA 2082-1] unzip security update
2020-01-28 21:18:22
[SECURITY] [DLA 1846-2] unzip regression update
2019-07-28 22:40:22
[SECURITY] [DLA 1846-1] unzip security update
2019-07-07 20:09:22
alpinelinux
alpinelinux
CVE-2018-1000035
2018-02-09 23:29:01
CVE-2019-13232
2019-07-04 13:15:10
cvelist
cvelist
CVE-2018-1000035
2018-02-09 23:00:00
CVE-2019-13232
2019-07-04 12:03:06
almalinux
almalinux
Low: unzip security update
2020-04-28 09:16:24
oraclelinux
oraclelinux
unzip security update
2020-04-06 00:00:00
unzip security update
2020-05-05 00:00:00
amazon
amazon
Low: unzip
2020-10-22 18:43:00
Important: unzip
2021-02-17 18:14:00
mageia
mageia
Updated unzip package fixes a security vulnerability
2021-01-17 19:07:01
Updated unzip packages fix security vulnerabilities
2018-10-30 21:01:43
centos
centos
unzip security update
2020-04-08 20:06:45
ibm
ibm
Security Bulletin: Unzip as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2019-13232)
2020-10-13 16:56:16
Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2019-13232)
2020-07-23 21:36:06
Security Bulletin: IBM DataPower Gateway may allow a potential DoS when importing malicious ZIP files (CVE-2019-13232)
2021-06-08 22:33:53
f5
f5
K80311892 : InfoZIP vulnerability CVE-2019-13232
2019-10-17 00:00:00
suse
suse
Security update for unzip (moderate)
2018-07-07 03:08:17
Security update for unzip (moderate)
2018-10-05 21:18:21
rosalinux
rosalinux
Advisory ROSA-SA-2021-1991
2021-07-02 18:18:35
packetstorm
packetstorm
InfoZip UnZip 6.00 / 6.1c22 Buffer Overflow
2018-02-07 00:00:00
slackware
slackware
[slackware-security] infozip
2019-03-01 20:58:06
zdt
zdt
InfoZip UnZip 6.00 / 6.1c22 Buffer Overflow Vulnerability
2018-02-08 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

8

Confidence

Low

EPSS

0.012

Percentile

85.2%

JSON
Related for GLSA-202003-58
nessus55openvas20prion2veracode2redhat5debiancve2checkpoint_advisories1cbl_mariner6osv6fedora1ubuntucve2cloudfoundry1cve2nvd2redhatcve2ubuntu1photon12debian3alpinelinux2cvelist2almalinux1oraclelinux2amazon2mageia2centos1ibm4f51suse2rosalinux1packetstorm1slackware1zdt1