Vulnerability CVE-2021-4217: Information

Description

A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

Severity: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Published: Aug. 24, 2022
Modified: Nov. 29, 2022
Error type identifier: CWE-476

Fixed packages

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
  • Exploit
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2044583
  • Exploit
  • Issue Tracking
  • Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-4217
  • Third Party Advisory
    1. Configuration 1

      cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*

      Configuration 2

      cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*