CVE-2022-0530
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
53.8%
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
| Vendor | Product | Version | CPE |
|---|---|---|---|
| unzip_project | unzip | * | cpe:2.3:a:unzip_project:unzip:*:*:*:*:*:*:*:* |
References
seclists.org/fulldisclosure/2022/May/33
seclists.org/fulldisclosure/2022/May/35
seclists.org/fulldisclosure/2022/May/38
bugzilla.redhat.com/show_bug.cgi?id=2051395
github.com/ByteHackr/unzip_poc
lists.debian.org/debian-lts-announce/2022/09/msg00028.html
security.gentoo.org/glsa/202310-17
support.apple.com/kb/HT213255
support.apple.com/kb/HT213256
support.apple.com/kb/HT213257
www.debian.org/security/2022/dsa-5202
Social References
More
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
53.8%