Unzip Project Unzip 1.0.3-0.20200308084313-2adbaa4891b9 for Go

CPE Details

Unzip Project Unzip 1.0.3-0.20200308084313-2adbaa4891b9 for Go
unzip_project
unzip
1.0.3-0.20200308084313-2adbaa4891b9
2023-10-25
10h45 +00:00
2023-10-25
10h45 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:unzip_project:unzip:1.0.3-0.20200308084313-2adbaa4891b9:*:*:*:*:go:*:*

Informations

Vendor

unzip_project

Product

unzip

Version

1.0.3-0.20200308084313-2adbaa4891b9

Target Software

go

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2014-8141 2020-01-31 21h08 +00:00 Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
7.8
High
CVE-2014-8140 2020-01-31 21h00 +00:00 Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
7.8
High
CVE-2014-8139 2020-01-31 21h00 +00:00 Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
7.8
High
CVE-2018-1000035 2018-02-09 22h00 +00:00 A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
7.8
High
CVE-2008-0888 2008-03-17 20h00 +00:00 The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
9.3
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.