unzip project unzip
27 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2020-36561
< 1.0.3-0.20200308084313-2adbaa4891b9
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside
9.1
CRITICAL
CVE-2021-4217
all versions
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer
3.3
LOW
CVE-2022-0530
all versions
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap
5.5
MEDIUM
CVE-2022-0529
all versions
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap
5.5
MEDIUM
CVE-2014-8141
<= 6.0
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbit
7.8
HIGH
CVE-2014-8140
<= 6.0
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbi
7.8
HIGH
CVE-2014-8139
<= 6.0
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrar
7.8
HIGH
CVE-2019-13232
all versions
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption)
3.3
LOW
CVE-2018-18384
all versions
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size valu
5.5
MEDIUM
CVE-2018-1000035
<= 6.00
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows
7.8
HIGH
CVE-2018-1000034
all versions
An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sen
9.1
CRITICAL
CVE-2018-1000033
all versions
An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sen
9.1
CRITICAL
CVE-2018-1000032
all versions
A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to
7.8
HIGH
CVE-2018-1000031
all versions
A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to
7.8
HIGH
CVE-2016-9844
all versions
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (
4.0
MEDIUM
CVE-2014-9913
all versions
Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (c
4.0
MEDIUM
CVE-2015-7697
all versions
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.
CVE-2015-7696
all versions
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or pos
CVE-2015-1315
all versions
Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitr
CVE-2014-9636
all versions
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an
CVE-2008-0888
< 6.0
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remot
CVE-2005-4667
all versions
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command lin
CVE-2005-2475
all versions
Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it
CVE-2005-0602
<= 5.51
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain
CVE-2003-0282
all versions
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two .
CVE-2001-1269
<= 5.42
Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archi
CVE-2001-1268
<= 5.42
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin