CLD-280 Details
Other IDs this deficiency may be known by:
Basic Information:
| Affected Package(s) |
unzip |
| Deficiency Type |
SECURITY |
| Date Created |
2018-02-08 15:52:42 |
| Date Last Modified |
2018-02-09 09:57:42 |
Version Specific Information:
| Cucumber 1.0 i686 | not affected |
| Cucumber 1.0 x86_64 | not affected |
| Cucumber 1.1 i686 |
not affected |
| Cucumber 1.1 x86_64 |
not affected |
Details:
From http://www.openwall.com/lists/oss-security/2018/02/08/1:
2) Heap-based out-of-bounds write (CVE-2018-1000031)
This vulnerability only affects UnZip 6.1c22 (next beta version of UnZip).
InfoZip's UnZip suffers from a heap-based out-of-bounds write if the
archive filename does not contain a .zip suffix.