unzip: improper handling of Unicode strings #8174

Open
KexyBiscuit opened this issue Oct 6, 2024 · 0 comments

Affected package (and version)

unzip (2:6.0-3)

CVE ID(s)

CVE-2021-4217

Severity

Low

Other security advisory ID(s)

Description/References

  • A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
  • CWE-476: NULL Pointer Dereference
  • CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L (Ubuntu)

Patch(es)/Solution(s)

@KexyBiscuit KexyBiscuit added the security Topic/issue involves a security issue/fixed label Oct 6, 2024
@KexyBiscuit KexyBiscuit self-assigned this Oct 6, 2024