Launchpad CVE tracker

CVE 2018-1000035

A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.

Related bugs and status

CVE-2018-1000035 (Candidate) is related to these bugs:

Bug #387350: Buffer overflow in unzip with hand-crafted ZIP file

Summary				In	Importance	Status
	387350	Buffer overflow in unzip with hand-crafted ZIP file		unzip (Ubuntu)	Low	Fix Released
	387350	Buffer overflow in unzip with hand-crafted ZIP file		unzip	Unknown	Unknown

Bug #1643750: Buffer Overflow in ZipInfo

Summary				In	Importance	Status
	1643750	Buffer Overflow in ZipInfo		unzip (Ubuntu)	Low	Fix Released

Bug #1824530: Heap Buffer Overflow in UzpPassword

Summary				In	Importance	Status
	1824530	Heap Buffer Overflow in UzpPassword		unzip (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://sec-consult.co...
MLIST: [debian-lts-announce] ...
GENTOO: GLSA-202003-58

Launchpad.net

CVE 2018-1000035

Related bugs and status

Related bugs

References