A vulnerability classified as problematic was found in UnZip (affected version not known). This vulnerability affects some unknown functionality of the component Archive File Handler. The manipulation with an unknown input leads to a resource management vulnerability. The CWE definition for the vulnerability is CWE-399. As an impact it is known to affect availability. CVE summarizes:

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.

The weakness was released 10/30/2015 by Gustavo Grieco (Website). The advisory is shared for download at info-zip.org. This vulnerability was named CVE-2015-7697 since 10/04/2015. The exploitation appears to be difficult. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available.

The vulnerability scanner Nessus provides a plugin with the ID 86551 , which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test this issue with plugin 171621 (SUSE Enterprise Linux Security Update for unzip (SUSE-SU-2018:2978-1)).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at Tenable (86551). Entries connected to this vulnerability are available at 73897, 78975, 95463 and 95531.

Productinfo

Name

• UnZip

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion