Vulnerability Description
Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 12.04 |
| Info-Zip | Unzip | 6.10b |
Related Weaknesses (CWE)
References
- http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write
- http://www.openwall.com/lists/oss-security/2015/02/17/4
- http://www.ubuntu.com/usn/USN-2502-1 (Patch, Vendor Advisory)
- https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120
FAQ
What is CVE-2015-1315?
CVE-2015-1315 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string ...
How severe is CVE-2015-1315?
CVE-2015-1315 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-1315?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Info-Zip Unzip.