CVE-2014-9636

EPSS 58.4%

unzip - security update

發布日:2015/2/6修改日:2026/4/28

描述

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

受影響套件(3)

Alpine/unzipfrom 0, < 6.0-r3
Debian/unzipfrom 0, < 6.0-15
Debian/unzipfrom 0, < 6.0-8+deb7u2

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2014-9636
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9636