CVE-2019-13232
Description
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a better zip bomb issue.
Risk Information
Base Score
3.3
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
0.047
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2020:1181) unzip security update unzip-6.0-21.el7.x86_64.rpm | Linux |
| (RHSA-2020:1787) unzip security update unzip-6.0-43.el8.x86_64.rpm | Linux |
| (RHSA-2020:1787) unzip security update unzip-debugsource-6.0-43.el8.x86_64.rpm | Linux |
| De-archiver for .zip files (USN-4672-1) unzip_6.0-20ubuntu1.1_i386.deb | Linux |
| De-archiver for .zip files (USN-4672-1) unzip_6.0-20ubuntu1.1_amd64.deb | Linux |
| De-archiver for .zip files (USN-4672-1) unzip_6.0-21ubuntu1.1_i386.deb | Linux |
| De-archiver for .zip files (USN-4672-1) unzip_6.0-21ubuntu1.1_amd64.deb | Linux |
| (CESA-2020:1787) unzip security update unzip-6.0-43.el8.x86_64.rpm | Linux |
| (CESA-2020:1181) unzip security update unzip-6.0-21.el7.x86_64.rpm | Linux |
| (RHSA-2020:1181)Low: security update unzip-debuginfo-6.0-21.el7.x86_64.rpm | Linux |
| (RHSA-2020:1787)Low: security update unzip-debuginfo-6.0-43.el8.x86_64.rpm | Linux |
| Unzip update (ELSA-2020-1181) unzip-6.0-21.el7.x86_64.rpm | Linux |
| Unzip update (ELSA-2020-1787) unzip-6.0-43.el8.x86_64.rpm | Linux |
| Uncontrolled Resource Consumption Vulnerability (CVE-2019-13232) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234