Vulnerability CVE-2014-8140: Information
Description
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
unzip | sisyphus | 6.0-alt4 | 6.0-alt5 | ALT-PU-2020-3276-1 | 261685 | Fixed |
unzip | p10 | 6.0-alt4 | 6.0-alt5 | ALT-PU-2020-3276-1 | 261685 | Fixed |
unzip | p9 | 6.0-alt4 | 6.0-alt4 | ALT-PU-2020-3294-1 | 261695 | Fixed |
unzip | c10f1 | 6.0-alt4 | 6.0-alt5 | ALT-PU-2020-3276-1 | 261685 | Fixed |
unzip | c9f2 | 6.0-alt4 | 6.0-alt5 | ALT-PU-2020-3281-1 | 261697 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1174851 | |
http://www.securitytracker.com/id/1031433 | |
http://www.ocert.org/advisories/ocert-2014-011.html | |
https://access.redhat.com/errata/RHSA-2015:0700 | |