Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N
Vendors Products
Info-zip
  • Unzip

Configuration 1 [-]

cpe:2.3:a:info-zip:unzip:*:*:*:*:*:*:*:*
References
Link Resource
http://online.securityfocus.com/archive/1/196445 Exploit Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000928.1-1
http://www.info-zip.org/pub/infozip/UnZip.html
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-05-03T04:00:00

Updated: 2010-05-21T00:00:00

Reserved: 2002-05-01T00:00:00

Link: CVE-2001-1268

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2001-07-12T04:00:00.000

Modified: 2010-05-25T04:10:12.967

Link: CVE-2001-1268

JSON object: View

cve-icon Redhat Information

No data.

CWE