CVE-2018-1000035
Published: 09 February 2018
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
Priority
Low
CVSS 3 base score: 7.8
Status
| Package | Release | Status |
|---|---|---|
|
unzip Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Released
(6.0-22ubuntu1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(6.0-21ubuntu1.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(6.0-20ubuntu1.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(6.0-9ubuntu1.6)
|
Notes
| Author | Note |
|---|---|
| ratliff | mitigated by FORTIFY_SOURCE |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000035
- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
- https://ubuntu.com/security/notices/USN-4672-1
- NVD
- Launchpad
- Debian