Уязвимость записи за пределами кучи в "Unzip" при конверсии широких строк в локальные
Описание
В Unzip обнаружена уязвимость, возникающая при конвертации широкой строки в локальную строку, что приводит к неконтролируемой записи за пределами кучи. Эта уязвимость позволяет злоумышленнику ввести специально сформированный ZIP-файл, что приводит к аварийному завершению работы или выполнению кода.
Тип уязвимости
- Запись данных за пределами кучи (heap of out-of-bound write)
- Выполнение кода
- Аварийное завершение работы
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Issue TrackingThird Party Advisory
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Issue TrackingThird Party Advisory
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
A flaw was found in Unzip. The vulnerability occurs during the convers ...
A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of an utf-8 string to a local string that leads to a segmentation fault. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
EPSS
5.5 Medium
CVSS3
4.3 Medium
CVSS2