URL: https://lwn.net/Articles/631118/

unzip: unspecified impact

Package(s): unzip
CVE #(s): CVE-2014-9636
Created: January 29, 2015
Updated: March 29, 2015
Description: From the Red Hat bugzilla entry:

It was reported that OOB access (both read and write) issues exist in test_compr_eb (extract.c) that can result in application crash or other unspecified impact.

This vulnerability can be triggered via crafted zip archives with extra fields that advertise STORED method compression (i.e. no compression) and have uncompressed field sizes smaller than the corresponding compressed field sizes.

Alerts:
Gentoo 201611-01 unzip 2016-11-01
CentOS CESA-2015:0700 unzip 2015-04-01
Arch Linux ASA-201503-9 unzip 2015-03-15
Scientific Linux SLSA-2015:0700-1 unzip 2015-03-25
Oracle ELSA-2015-0700 unzip 2015-03-18
CentOS CESA-2015:0700 unzip 2015-03-18
Red Hat RHSA-2015:0700-01 unzip 2015-03-18
Fedora FEDORA-2015-1993 unzip 2015-02-23
Fedora FEDORA-2015-2035 unzip 2015-02-16
Debian-LTS DLA-150-1 unzip 2015-02-07
Ubuntu USN-2489-1 unzip 2015-02-03
Debian DSA-3152-1 unzip 2015-02-03
Fedora FEDORA-2015-1267 unzip 2015-01-30
Fedora FEDORA-2015-1189 unzip 2015-01-28