5
CVE-2014-9636
- EPSS 11.56%
- Veröffentlicht 06.02.2015 15:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Unzip Project ≫ Unzip Version6.0
Canonical ≫ Ubuntu Linux Version10.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.10
Debian ≫ Debian Linux Version7.0
Fedoraproject ≫ Fedora Version20
Fedoraproject ≫ Fedora Version21
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.56% | 0.955 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html
http://seclists.org/oss-sec/2014/q4/1131
http://seclists.org/oss-sec/2014/q4/489
http://seclists.org/oss-sec/2014/q4/496
http://seclists.org/oss-sec/2015/q1/216
http://secunia.com/advisories/62738
http://secunia.com/advisories/62751
http://www.debian.org/security/2015/dsa-3152
http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
http://www.securityfocus.com/bid/71825
http://www.ubuntu.com/usn/USN-2489-1
https://security.gentoo.org/glsa/201611-01