A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
References
Link | Resource |
---|---|
https://github.com/ByteHackr/unzip_poc | Exploit Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2051395 | Issue Tracking Third Party Advisory |
https://www.debian.org/security/2022/dsa-5202 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2022-02-09 15:15
Updated : 2022-09-30 07:46
NVD link : CVE-2022-0529
Mitre link : CVE-2022-0529
JSON object : View
CWE
CWE-787
Out-of-bounds Write
Products Affected
fedoraproject
- fedora
debian
- debian_linux
redhat
- enterprise_linux
unzip_project
- unzip