Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unzip vulnerabilities and exploits
(subscribe to this query)
3.7
CVSSv2
CVE-2005-4667
Buffer overflow in UnZip 5.50 and previous versions allows user-assisted malicious users to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability...
Info-zip Unzip 5.2
Info-zip Unzip 5.3
Info-zip Unzip 5.31
Info-zip Unzip 5.41
Info-zip Unzip 5.42
Info-zip Unzip 5.50
Info-zip Unzip 5.32
Info-zip Unzip 5.40
1 EDB exploit
6.8
CVSSv2
CVE-2018-1000035
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an malicious user to perform a denial of service or to possibly achieve code execution.
Unzip Project Unzip
NA
CVE-2020-36561
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Unzip Project Unzip
4.3
CVSSv2
CVE-2018-18384
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
Unzip Project Unzip 6.0
NA
CVE-2020-36560
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Go-unzip Project Go-unzip
6.2
CVSSv2
CVE-2005-0602
Unzip 5.51 and previous versions does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
Info-zip Unzip
Info-zip Unzip 5.50
2.1
CVSSv2
CVE-2019-13232
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
Unzip Project Unzip 6.0
Debian Debian Linux 8.0
2.1
CVSSv2
CVE-2001-1268
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and previous versions allows malicious users to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
Info-zip Unzip
2.1
CVSSv2
CVE-2001-1269
Info-ZIP UnZip 5.42 and previous versions allows malicious users to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.
Info-zip Unzip
9.3
CVSSv2
CVE-2008-0888
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or...
Info-zip Unzip
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975
CVE-2024-2961
CVE-2024-20380
XML injection
HTML injection
CVE-2024-29204
CVE-2023-51795
memory leak
CVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »