9.3

CVE-2008-0888

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.10
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
ApplemacOS X Version < 10.6.3
DebianDebian Linux Version4.0
Unzip ProjectUnzip Version < 6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.29% 0.927
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Third Party Advisory
http://support.apple.com/kb/HT4077
Third Party Advisory
http://secunia.com/advisories/30535
Patch
Vendor Advisory
Broken Link
http://www.securityfocus.com/archive/1/493080/100/0/threaded
Broken Link
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1744
Vendor Advisory
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
Third Party Advisory
http://secunia.com/advisories/29392
Vendor Advisory
Broken Link
http://secunia.com/advisories/29406
Vendor Advisory
Broken Link
http://secunia.com/advisories/29415
Vendor Advisory
Broken Link
http://secunia.com/advisories/29427
Vendor Advisory
Broken Link
http://secunia.com/advisories/29432
Vendor Advisory
Broken Link
http://secunia.com/advisories/29440
Vendor Advisory
Broken Link
http://secunia.com/advisories/29495
Vendor Advisory
Broken Link
http://secunia.com/advisories/29681
Vendor Advisory
Broken Link
http://secunia.com/advisories/31204
Vendor Advisory
Broken Link
http://security.gentoo.org/glsa/glsa-200804-06.xml
Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0116
Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116
Broken Link
http://www.debian.org/security/2008/dsa-1522
Third Party Advisory
http://www.ipcop.org/index.php?name=News&file=article&sid=40
Broken Link
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:068
Not Applicable
http://www.redhat.com/support/errata/RHSA-2008-0196.html
Third Party Advisory
http://www.securityfocus.com/archive/1/489967/100/0/threaded
Broken Link
http://www.securityfocus.com/bid/28288
Broken Link
http://www.securitytracker.com/id?1019634
Broken Link
http://www.ubuntu.com/usn/usn-589-1
Third Party Advisory
http://www.vupen.com/english/advisories/2008/0913/references
Vendor Advisory
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/41246
Third Party Advisory
https://issues.rpath.com/browse/RPL-2317
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9733
Broken Link