CLD-282 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2018-1000033 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) unzip
Deficiency Type SECURITY
Date Created 2018-02-08 15:53:02
Date Last Modified 2018-02-09 09:59:45

Version Specific Information:

Cucumber 1.0 i686 not affected
Cucumber 1.0 x86_64 not affected

Cucumber 1.1 i686 not affected
Cucumber 1.1 x86_64 not affected

Details:

From http://www.openwall.com/lists/oss-security/2018/02/08/1:

3) Heap/BSS-based buffer overflow (Bypass of CVE-2015-1315) (CVE-2018-1000032)

This vulnerability only affects UnZip 6.1c22 (next beta version of UnZip).
InfoZip's UnZip suffers from a heap/BSS-based buffer-overflow which
can be used to write null-bytes out-of-bound when converting
attacker-controlled strings to the local charset.