CVE-2014-8141

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| redhat | CNA | 7.8 HIGH | LOCAL | LOW | NONE | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |

EPSS Score
Percentile: 93%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| unzip_project | unzip | 𝑥 ≤ 6.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_eus | 6.6 |
| redhat | enterprise_linux_server_eus | 7.1 |
| redhat | enterprise_linux_server_eus | 7.2 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 6.6 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_workstation | 7.0 |

𝑥 = Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

| Vendor | Product | Version | Source |
|---|---|---|---|
| info-zip | unzip | 𝑥 ≤ 6.0 | CNA |

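Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| unzip | bookworm | 6.0-28 | fixed |
| unzip | bullseye | 6.0-26+deb11u1 | fixed |
| unzip | bullseye (security) | 6.0-26+deb11u1 | fixed |
| unzip | sid | 6.0-28 | fixed |
| unzip | trixie | 6.0-28 | fixed |
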
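Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| unzip | lucid | Fixed 6.0-1ubuntu0.1 | released |
| unzip | precise | Fixed 6.0-4ubuntu2.1 | released |
| unzip | trusty | Fixed 6.0-9ubuntu1.1 | released |
| unzip | utopic | Fixed 6.0-12ubuntu1.1 | released |
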
Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| unzip | RHEL 6 | 0:6.0-2.el6_6 | fixed |
| unzip | RHEL 7 | 0:6.0-15.el7 | fixed |