CVE-2020-24175

Exploit

EPSS 1.73%
Published 22.02.2021 16:15:12
Last modified 21.11.2024 05:14:27
Source cve@mitre.org
Teams watchlist Login
Open Login

Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Yz1 ≫ Yz1 Version0.30

Yz1 ≫ Yz1 Version0.32

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.73%	0.807

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://yz1.com

Product

Permissions Required

https://gist.github.com/illikainen/315a420a9c28cbe882e16b8eba40b2e1

Third Party Advisory

Exploit

https://gist.github.com/illikainen/ced14e08e00747fef613ba619bb25bb4

Third Party Advisory

Exploit

https://illikainen.dev/advisories/014-yz1-izarc

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-24175

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-24175

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-24175

EUVD