Vulnerability CVE-2015-7697: Information

Description

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.

Severity: MEDIUM (4.3)

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-7697
Published: Nov. 6, 2015
Modified: Dec. 16, 2019
Error type identifier: CWE-399

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
unzipsisyphus6.0-alt46.0-alt5ALT-PU-2020-3276-1261685Fixed
unzipp106.0-alt46.0-alt5ALT-PU-2020-3276-1261685Fixed
unzipp96.0-alt46.0-alt4ALT-PU-2020-3294-1261695Fixed
unzipc10f16.0-alt46.0-alt5ALT-PU-2020-3276-1261685Fixed
unzipc9f26.0-alt46.0-alt5ALT-PU-2020-3281-1261697Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
1034027
    http://sourceforge.net/p/infozip/patches/23/
      DSA-3386
        [oss-security] 20150915 Re: Heap overflow and DoS in unzip 6.0
          76863
            [oss-security] 20150907 Heap overflow and DoS in unzip 6.0
              [oss-security] 20151011 Re: Heap overflow and DoS in unzip 6.0
                USN-2788-1
                  USN-2788-2

                      1. Configuration 1

                        cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
                        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
                        cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
                        cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
                        cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
                        cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

                        Configuration 2

                        cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*
                    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                    Version: v24.5.1
                    Back to top