CVE-2015-1315

EUVD-2015-1456
Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
info-zipunzip
6.10b:b
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
unzip
bookworm
6.0-28
fixed
bullseye
6.0-26+deb11u1
fixed
bullseye (security)
6.0-26+deb11u1
fixed
sid
6.0-28
fixed
trixie
6.0-28
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
unzip
lucid
not-affected
precise
Fixed 6.0-4ubuntu2.3
released
trusty
Fixed 6.0-9ubuntu1.3
released
utopic
Fixed 6.0-12ubuntu1.3
released
Common Weakness Enumeration
References
http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt
http://www.openwall.com/lists/oss-security/2015/02/17/4
http://www.ubuntu.com/usn/USN-2502-1
https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120
http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt
http://www.openwall.com/lists/oss-security/2015/02/17/4
http://www.ubuntu.com/usn/USN-2502-1
https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120