CVE-2016-9844

medium

Description

Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.

References

http://www.openwall.com/lists/oss-security/2016/12/05/13

http://www.openwall.com/lists/oss-security/2016/12/05/19

http://www.openwall.com/lists/oss-security/2016/12/05/20

http://www.securityfocus.com/bid/94728

https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750

Details

Source: MITRE

Published: 2017-01-18

Updated: 2019-12-16

Type: CWE-119

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 2.5

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 146632 | Amazon Linux 2 : unzip (ALAS-2021-1604) | Nessus | Amazon Linux Local Security Checks | high |
| 144337 | Ubuntu 16.04 LTS / 18.04 LTS : unzip vulnerabilities (USN-4672-1) | Nessus | Ubuntu Local Security Checks | high |
| 131583 | EulerOS 2.0 SP2 : unzip (EulerOS-SA-2019-2429) | Nessus | Huawei Local Security Checks | high |
| 122576 | Slackware 14.0 / 14.1 / 14.2 / current : infozip (SSA:2019-060-01) | Nessus | Slackware Local Security Checks | high |
| 121930 | Photon OS 2.0: Unzip PHSA-2018-2.0-0029 | Nessus | PhotonOS Local Security Checks | medium |
| 117981 | openSUSE Security Update : unzip (openSUSE-2018-1124) | Nessus | SuSE Local Security Checks | high |
| 117902 | SUSE SLED12 / SLES12 Security Update : unzip (SUSE-SU-2018:2978-1) | Nessus | SuSE Local Security Checks | high |
| 111889 | Photon OS 1.0: Bash / Glibc / Libgcrypt / Libtar / Openjdk / Openjre / Strongswan / Unzip PHSA-2017-0040 (deprecated) | Nessus | PhotonOS Local Security Checks | critical |
| 111293 | Photon OS 2.0 : unzip / libtar (PhotonOS-PHSA-2018-2.0-0029) (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 110746 | EulerOS 2.0 SP3 : unzip (EulerOS-SA-2018-1170) | Nessus | Huawei Local Security Checks | medium |
| 97654 | SUSE SLES11 Security Update : unzip (SUSE-SU-2017:0639-1) | Nessus | SuSE Local Security Checks | medium |
| 96022 | Fedora 24 : unzip (2016-80a2fba8aa) | Nessus | Fedora Local Security Checks | medium |
| 96020 | Fedora 25 : unzip (2016-3b4de2babd) | Nessus | Fedora Local Security Checks | medium |
| 95774 | Debian DLA-741-1 : unzip security update | Nessus | Debian Local Security Checks | medium |