Published: 06/11/2015 Updated: 16/12/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Info-ZIP UnZip 6.0 allows remote malicious users to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 8.0
canonical ubuntu linux 15.10
canonical ubuntu linux 15.04
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04
debian debian linux 7.0
unzip project unzip 6.0

Debian Bug report logs - #802162 CVE-2015-7696: unzip: Heap buffer overflow when extracting password-protected archive Package: unzip; Maintainer for unzip is Santiago Vila <sanvila@debianorg>; Source for unzip is src:unzip (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Sat, 17 Oct 2015 20:54:06 ...

Debian Bug report logs - #802160 CVE-2015-7697: unzip: Infinite loop when extracting password-protected archive Package: unzip; Maintainer for unzip is Santiago Vila <sanvila@debianorg>; Source for unzip is src:unzip (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Sat, 17 Oct 2015 20:42:01 UTC S ...

Two vulnerabilities have been found in unzip, a de-archiver for zip files The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-7696 Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives If a user or automated system were tricked into processing a speciall ...

USN-2788-1 introduced a regression in unzip ...

unzip could be made to crash or run programs as your login if it opened a specially crafted file ...

Info-ZIP UnZip 60 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive (CVE-2015-7697) Buffer overflow in the zi_short function in zipinfoc in Info-Zip UnZip 60 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file hea ...

Welcome to the CVE Scanner wiki! What is CVE-scanner? This project provides a way that you can manage the risk inherited by using open source and third party source projects This provides you with intelligent Software Composition Analysis to identify and reduce risk Inputs from your project The project is a python based NIST-CVE library search engine for use with your own cus

CWE-399 http://www.securitytracker.com/id/1034027 http://sourceforge.net/p/infozip/patches/23/http://www.debian.org/security/2015/dsa-3386 http://www.openwall.com/lists/oss-security/2015/09/15/6 http://www.securityfocus.com/bid/76863 http://www.openwall.com/lists/oss-security/2015/09/07/4 http://www.openwall.com/lists/oss-security/2015/10/11/5 http://www.ubuntu.com/usn/USN-2788-1 http://www.ubuntu.com/usn/USN-2788-2 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802162 https://usn.ubuntu.com/2788-2/https://www.debian.org/security/./dsa-3386

CVE-2015-7697

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect