Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-0530

Опубликовано: 31 янв. 2022
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

A flaw was found in Unzip. The vulnerability occurs during the conversion of a UTF-8 string to a local string that leads to a segmentation fault. This flaw allows an attacker to input a specially crafted zip file, leading to a crash.

Отчет

This issue is classified with a low severity primarily because untrusted zip files are not typically extracted with the root user, limiting the impact of this issue. Additionally, this segmentation fault is caused by a NULL pointer dereference and is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with unzip. Furthermore, unzip does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6unzipOut of support scope
Red Hat Enterprise Linux 7unzipOut of support scope
Red Hat Enterprise Linux 8unzipFix deferred
Red Hat Enterprise Linux 9unzipFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2051395unzip: SIGSEGV during the conversion of an utf-8 string to a local string

EPSS

Процентиль: 37%
0.00163
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-0530

CVSS3: 5.5
ubuntu
почти 4 года назад

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

nvd логотип

CVE-2022-0530

CVSS3: 5.5
nvd
почти 4 года назад

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

msrc логотип

CVE-2022-0530

CVSS3: 5.5
msrc
около 1 года назад

Описание отсутствует

debian логотип

CVE-2022-0530

CVSS3: 5.5
debian
почти 4 года назад

A flaw was found in Unzip. The vulnerability occurs during the convers ...

github логотип

GHSA-8p3j-58qw-jhp4

CVSS3: 7.8
github
почти 4 года назад

A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of an utf-8 string to a local string that leads to a segmentation fault. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

EPSS

Процентиль: 37%
0.00163
Низкий

5.5 Medium

CVSS3