Vulmon
unzip vulnerabilities and exploits
NA
CVE-2005-4667
Buffer overflow in UnZip 5.50 and previous versions allows user-assisted malicious users to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability...
Info-zip Unzip 5.2
Info-zip Unzip 5.3
Info-zip Unzip 5.31
Info-zip Unzip 5.41
Info-zip Unzip 5.42
Info-zip Unzip 5.50
Info-zip Unzip 5.32
Info-zip Unzip 5.40
1 EDB exploit
9.1
CVSSv3
CVE-2020-36561
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Unzip Project Unzip
7.8
CVSSv3
CVE-2018-1000035
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows a malicious user to perform a denial of service or to possibly achieve code execution.
Unzip Project Unzip
5.5
CVSSv3
CVE-2018-18384
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
Unzip Project Unzip 6.0
9.1
CVSSv3
CVE-2020-36560
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Go-unzip Project Go-unzip
NA
CVE-2005-0602
Unzip 5.51 and previous versions do not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
Info-zip Unzip
Info-zip Unzip 5.50
3.3
CVSSv3
CVE-2019-13232
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
Unzip Project Unzip 6.0
Debian Debian Linux 8.0
NA
CVE-2001-1268
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and previous versions allows malicious users to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
Info-zip Unzip
NA
CVE-2001-1269
Info-ZIP UnZip 5.42 and previous versions allows malicious users to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.
Info-zip Unzip
NA
CVE-2008-0888
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or...
Info-zip Unzip