(CVE-2014-8140) A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8139) An integer underflow flaw, leading to a buffer overflow, was found in the way unzip uncompressed certain extra fields of a file. (CVE-2014-9636) A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Red Hat Product Security has rated this update as having Moderate security impact. Updated unzip packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. The remote Red Hat host is missing one or more security updates.

Required KB Items : Host/cpu, Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
CVE : CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2014-9636
CPE : cpe:/o:redhat:enterprise_linux:6, cpe:/o:redhat:enterprise_linux:6.6, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:7.1, cpe:/o:redhat:enterprise_linux:7.2, cpe:/o:redhat:enterprise_linux:7.3, cpe:/o:redhat:enterprise_linux:7.4, cpe:/o:redhat:enterprise_linux:7.5, cpe:/o:redhat:enterprise_linux:7.6, cpe:/o:redhat:enterprise_linux:7.7, p-cpe:/a:redhat:enterprise_linux:unzip, p-cpe:/a:redhat:enterprise_linux:unzip-debuginfo
Plugin Family: Red Hat Local Security Checks