[3.8] unzip: Heap-based buffer overflow in password protected ZIP archives (CVE-2018-1000035)
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-1000035
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
(from redmine: issue id 9287, created on 2018-08-20, closed on 2018-08-22)
- Relations:
- copied_to #9286 (closed)
- parent #9286 (closed)
- Changesets:
- Revision c1520103 by Natanael Copa on 2018-08-22T08:23:46Z:
main/unzip: fix various CVEs
- CVE-2014-8139
- CVE-2014-8140
- CVE-2014-8141
- CVE-2014-9636
- CVE-2014-9913
- CVE-2016-9844
- CVE-2018-1000035
fixes #9287