Vulnerability CVE-2021-4217: Information

Description

A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

Severity: LOW (3.3)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
URL: https://nvd.nist.gov/vuln/detail/CVE-2021-4217
Published: Aug. 24, 2022
Modified: Nov. 21, 2024
Error type identifier: CWE-476

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
openslpsisyphus2.0.0-alt32.0.0-alt4ALT-PU-2022-2950-2309138Fixed
openslpsisyphus_e2k2.0.0-alt32.0.0-alt4ALT-PU-2022-6834-1-Fixed
openslpsisyphus_riscv642.0.0-alt32.0.0-alt4ALT-PU-2022-6816-1-Fixed
openslpp112.0.0-alt32.0.0-alt4ALT-PU-2022-2950-2309138Fixed
openslpp102.0.0-alt32.0.0-alt3ALT-PU-2022-2974-1309147Fixed
openslpp10_e2k2.0.0-alt32.0.0-alt3ALT-PU-2022-6880-1-Fixed
openslpc10f22.0.0-alt32.0.0-alt3ALT-PU-2022-2974-1309147Fixed
openslpc9f22.0.0-alt32.0.0-alt3ALT-PU-2022-2972-1309148Fixed
unzipsisyphus6.0-alt56.0-alt7ALT-PU-2022-2769-2308257Fixed
unzipsisyphus_e2k6.0-alt56.0-alt6ALT-PU-2022-6505-1-Fixed
unzipsisyphus_riscv646.0-alt56.0-alt7ALT-PU-2022-6499-1-Fixed
unzipp116.0-alt56.0-alt6ALT-PU-2022-2769-2308257Fixed
unzipp106.0-alt56.0-alt5ALT-PU-2022-2845-1308258Fixed
unzipp10_e2k6.0-alt56.0-alt5ALT-PU-2022-6583-1-Fixed
unzipc10f26.0-alt56.0-alt6ALT-PU-2022-2845-1308258Fixed
unzipc9f26.0-alt56.0-alt6ALT-PU-2022-2912-1308259Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://access.redhat.com/security/cve/CVE-2021-4217
  • Third Party Advisory
https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
  • Exploit
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2044583
  • Exploit
  • Issue Tracking
  • Third Party Advisory
BDU:2023-09078
      1. cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
    Version: v26.2.2
    Back to top