unzip: Heap-based buffer overflow in password protected ZIP archives (CVE-2018-1000035)
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00
in the processing of password-protected archives that allows an
attacker to perform a denial of service or to possibly achieve code
execution.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-1000035
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
(from redmine: issue id 9286, created on 2018-08-20, closed on 2018-08-22)
- Relations:
- copied_to #9287 (closed)
- copied_to #9288 (closed)
- copied_to #9289 (closed)
- copied_to #9290 (closed)
- child #9287 (closed)
- child #9288 (closed)
- child #9289 (closed)
- child #9290 (closed)