CVE Vulnerabilities

CVE-2022-0530

Published: Feb 09, 2022 | Modified: Nov 09, 2023
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
5.5 LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu
LOW

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

Affected Software

Name Vendor Start Version End Version
Unzip Unzip_project 6.0 (including) 6.0 (including)
Unzip Ubuntu bionic *
Unzip Ubuntu esm-infra/xenial *
Unzip Ubuntu focal *
Unzip Ubuntu impish *
Unzip Ubuntu jammy *
Unzip Ubuntu trusty *
Unzip Ubuntu trusty/esm *
Unzip Ubuntu upstream *
Unzip Ubuntu xenial *

References