CVE-2008-0888

EPSS 19.0%

unzip - potential code execution

發布日:2008/3/17修改日:2026/4/28

也稱為:DEBIAN-CVE-2008-0888

描述

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

受影響套件(2)

Debian/unzipfrom 0, < 5.52-11
Debian/unzipfrom 0, < 5.52-1sarge5

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-0888