CVE-2014-9913

low-risk
Published 2017-01-18

Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.

Do I need to act?

~
3.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.0/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Unzip

Affected Vendors

Unzip Project

References (12)

Mailing List http://www.openwall.com/lists/oss-security/2014/11/03/5
Mailing List http://www.openwall.com/lists/oss-security/2016/12/05/13
Mailing List http://www.openwall.com/lists/oss-security/2016/12/05/19
Mailing List http://www.openwall.com/lists/oss-security/2016/12/05/20
Third Party Advisory http://www.securityfocus.com/bid/95081
Issue Tracking https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750
Mailing List http://www.openwall.com/lists/oss-security/2014/11/03/5
Mailing List http://www.openwall.com/lists/oss-security/2016/12/05/13
Mailing List http://www.openwall.com/lists/oss-security/2016/12/05/19
Mailing List http://www.openwall.com/lists/oss-security/2016/12/05/20
Third Party Advisory http://www.securityfocus.com/bid/95081
Issue Tracking https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750
26
/ 100
low-risk
Severity 14/34 · Moderate
Exploitability 7/34 · Low
Exposure 5/34 · Minimal