CVE-2022-0530
Published: Feb 9, 2022
Modified: Feb 13, 2025
PUBLISHED
Description
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string, which leads to a heap out-of-bounds write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
| Vendor | Product | Versions |
|---|---|---|
| n/a | unzip | affected 6.0 |
References
https://bugzilla.redhat.com/show_bug.cgi?id=2051395
x_refsource_MISC
https://github.com/ByteHackr/unzip_poc
x_refsource_MISC
https://support.apple.com/kb/HT213257
x_refsource_CONFIRM
https://support.apple.com/kb/HT213256
x_refsource_CONFIRM
https://support.apple.com/kb/HT213255
x_refsource_CONFIRM
20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina
mailing-list
x_refsource_FULLDISC
20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
mailing-list
x_refsource_FULLDISC
20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4
mailing-list
x_refsource_FULLDISC
DSA-5202
vendor-advisory
x_refsource_DEBIAN
[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update
mailing-list
x_refsource_MLIST