Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-13232

Опубликовано: 02 июл. 2019
Источник: redhat
CVSS3: 4
EPSS Низкий

Описание

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.

Отчет

This issue affects the versions of unzip as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5unzipOut of support scope
Red Hat Enterprise Linux 6unzipOut of support scope
Red Hat Enterprise Linux 7unzipFixedRHSA-2020:118131.03.2020
Red Hat Enterprise Linux 7.7 Extended Update SupportunzipFixedRHSA-2020:248612.06.2020
Red Hat Enterprise Linux 8unzipFixedRHSA-2020:178728.04.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1727761unzip: overlapping of files in ZIP container leads to denial of service

EPSS

Процентиль: 14%
0.00046
Низкий

4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-13232

CVSS3: 3.3
ubuntu
около 6 лет назад

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.

nvd логотип

CVE-2019-13232

CVSS3: 3.3
nvd
около 6 лет назад

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.

msrc логотип

CVE-2019-13232

CVSS3: 3.3
msrc
около 5 лет назад

Описание отсутствует

debian логотип

CVE-2019-13232

CVSS3: 3.3
debian
около 6 лет назад

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP co ...

github логотип

GHSA-8vm7-647w-p9g4

CVSS3: 3.3
github
больше 3 лет назад

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.

EPSS

Процентиль: 14%
0.00046
Низкий

4 Medium

CVSS3