Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2004-1010

Published: 01/03/2005 Updated: 03/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Zip

Vulnerability Summary

Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote malicious users to execute arbitrary code via a ZIP file containing a long pathname.

Vulnerable Product Search on Vulmon Subscribe to Product

info-zip zip 2.3

Vendor Advisories

Red Hat: zip security update
Synopsis zip security update Type/Severity Security Advisory: Low Topic An updated zip package that fixes a buffer overflow vulnerability is nowavailable Description The zip program is an archiving utility which can create ZIP-compatiblearchivesA buffer overflow bug has been discovered in ...
Ubuntu Security Notice: zip vulnerability
HexView discovered a buffer overflow in the zip package The overflow is triggered by creating a ZIP archive of files with very long path names This vulnerability might result in execution of arbitrary code with the privileges of the user who calls zip ...
Debian Security Advisories: DSA-624-1 zip -- buffer overflow
A buffer overflow has been discovered in zip, the archiver for zip files When doing recursive folder compression the program did not check the resulting path length, which would lead to memory being overwritten A malicious person could convince a user to create an archive containing a specially crafted path name, which could lead to the executio ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/bid/11603http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028379.htmlhttp://www.hexview.com/docs/20041103-1.txthttp://www.debian.org/security/2005/dsa-624https://bugzilla.fedora.us/show_bug.cgi?id=2255http://security.gentoo.org/glsa/glsa-200411-16.xmlhttp://www.redhat.com/support/errata/RHSA-2004-634.htmlhttp://www.turbolinux.com/security/2005/TLSA-2005-18.txthttp://www.ciac.org/ciac/bulletins/p-072.shtmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2004:141http://secunia.com/advisories/13094/http://www.info-zip.org/FAQ.htmlhttp://marc.info/?l=bugtraq&m=109958840611053&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/17956https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9848https://usn.ubuntu.com/18-1/https://access.redhat.com/errata/RHSA-2004:634https://usn.ubuntu.com/18-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook