CVE-2014-9913
Published: 18 January 2017
Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.
Priority
CVSS 3 base score: 4.0
Status
Package | Release | Status |
---|---|---|
unzip (Launchpad, Ubuntu, Debian) | Upstream | Released (6.0-21) |
 | Ubuntu 21.04 (Hirsute Hippo) | Not vulnerable (6.0-21ubuntu1) |
 | Ubuntu 20.10 (Groovy Gorilla) | Not vulnerable (6.0-21ubuntu1) |
 | Ubuntu 20.04 LTS (Focal Fossa) | Not vulnerable (6.0-21ubuntu1) |
 | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (6.0-21ubuntu1) |
 | Ubuntu 16.04 LTS (Xenial Xerus) | Released (6.0-20ubuntu1.1) |
 | Ubuntu 14.04 ESM (Trusty Tahr) | Released (6.0-9ubuntu1.6) |

This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu.
Notes
Author | Note |
---|---|
tyhicks | In Ubuntu, this is reduced to a DoS thanks to zipinfo being built with -D_FORTIFY_SOURCE=2. See LP: #1643750 for a reproducer. |