Info-ZIP UnZip 5.50

CPE Details

Info-ZIP UnZip 5.50
info-zip
unzip
5.50
2018-06-08
16h38 +00:00
2021-06-10
13h54 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:info-zip:unzip:5.50:*:*:*:*:*:*:*

Informations

Vendor

info-zip

Product

unzip

Version

5.50

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2008-0888 2008-03-17 20h00 +00:00 The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
9.3
CVE-2005-4667 2006-01-25 20h00 +00:00 Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
3.7
CVE-2005-0602 2005-03-01 04h00 +00:00 Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
6.2
CVE-2003-0282 2003-05-14 02h00 +00:00 Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.
2.6