CVE-2014-8141
Description
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
8.072
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| De-archiver for .zip files (USN-2472-1) unzip_6.0-9ubuntu1.5_i386.deb | Linux |
| De-archiver for .zip files (USN-2472-1) unzip_6.0-9ubuntu1.5_amd64.deb | Linux |
| network-related giomodules for GLib (USN-2913-2) glib-networking_2.46.0-1ubuntu0.1_i386.deb | Linux |
| network-related giomodules for GLib (USN-2913-2) glib-networking_2.46.0-1ubuntu0.1_amd64.deb | Linux |
| unzip regression update(DSA-3386-2) unzip_6.0-8+deb7u5_i386.deb | Linux |
| unzip regression update(DSA-3386-2) unzip_6.0-8+deb7u5_amd64.deb | Linux |
| (RHSA-2015:0700) Moderate: unzip security update unzip-6.0-15.el7.x86_64.rpm | Linux |
| (RHSA-2015:0700) Moderate: unzip security update unzip-6.0-2.el6_6.i686.rpm | Linux |
| (RHSA-2015:0700) Moderate: unzip security update unzip-6.0-2.el6_6.x86_64.rpm | Linux |
| Out-of-bounds Write Vulnerability (CVE-2014-8141) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234