CLD-280 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2018-1000031 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) unzip
Deficiency Type SECURITY
Date Created 2018-02-08 15:52:42
Date Last Modified 2018-02-09 09:57:42

Version Specific Information:

Cucumber 1.0 i686 not affected
Cucumber 1.0 x86_64 not affected

Cucumber 1.1 i686 not affected
Cucumber 1.1 x86_64 not affected

Details:

From http://www.openwall.com/lists/oss-security/2018/02/08/1:

2) Heap-based out-of-bounds write (CVE-2018-1000031)

This vulnerability only affects UnZip 6.1c22 (next beta version of UnZip).
InfoZip's UnZip suffers from a heap-based out-of-bounds write if the
archive filename does not contain a .zip suffix.