[arch-security] [ASA-201501-3] unzip: arbitrary code execution
anthraxx at archlinux.org
Sat Jan 10 23:36:54 UTC 2015
Arch Linux Security Advisory ASA-201501-3
Date : 2015-01-10
CVE-ID : CVE-2014-8139 CVE-2014-8140 CVE-2014-8141
Package : unzip
Type : arbitrary code execution
Remote : No
Link : https://wiki.archlinux.org/index.php/CVE
The package unzip before version 6.0-9 is vulnerable to arbitrary code
execution and denial of service through multiple heap buffer overflows.
Upgrade to 6.0-9.
# pacman -Syu "unzip>=6.0-9"
The problems have not been fixed upstream but patches were added.
- CVE-2014-8139 (heap buffer overflow)
A heap-based buffer overflow exists in the CRC32 verification that
allows attackers to potentially execute arbitrary code or cause a denial
of service (memory corruption).
- CVE-2014-8140 (out-of-bounds read/write)
Out-of-bounds access (both read and write) issues exist in
test_compr_eb() that can result in application crash or arbitrary code
- CVE-2014-8141 (out-of-bounds read)
Two out-of-bounds read issues exist in getZip64Data() that allows
attackers to cause a denial of service.
An attacker is able to execute arbitrary code or cause a denial of
service through a specially crafted zip file passed to the command unzip -t.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the arch-security