CVE-2008-0888

Summary

CVE	CVE-2008-0888
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-03-17 21:44:00 UTC
Updated	2018-10-15 22:03:00 UTC
Description	The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Info-zip	Unzip	All	All	All	All
Application	Info-zip	Unzip	All	All	All	All

References

Reference	Source	Link	Tags
rPath update for unzip - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
IPCop update for various packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
UnZip: User-assisted execution of arbitrary code — Gentoo Linux Documentation	GENTOO	security.gentoo.org
Info-ZIP UnZip 'inflate_dynamic()' Remote Code Execution Vulnerability	BID	www.securityfocus.com
[security-announce] SUSE Security Summary Report SUSE-SR:2008:007	SUSE	lists.opensuse.org
VMSA-2008-0009.2 - VMware	CONFIRM	www.vmware.com
Ubuntu update for unzip - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
Advisories \| Mandriva	MANDRIVA	www.mandriva.com
USN-589-1: unzip vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
Advisories:rPSA-2008-0116 - rPath Wiki	CONFIRM	wiki.rpath.com
IPCop 1.4.19 / 1.4.20 released :: IPCop.org :: The bad packets stop here!	CONFIRM	www.ipcop.org
Mandriva update for unzip - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Advisories:rPSA-2008-0116 - rPath Wiki	CONFIRM	wiki.rpath.com
Support	REDHAT	www.redhat.com	Vendor Advisory
VMware ESX Server Multiple Security Updates - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Patch, Vendor Advisory
Red Hat update for unzip - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Repository / Oval Repository	OVAL	oval.cisecurity.org
APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3	APPLE	lists.apple.com
UnZip "inflate_dynamic()" Uninitialized Pointers Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
issues.rpath.com/browse/RPL-2317	CONFIRM	issues.rpath.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
UnZip NEEDBITS Macro Memory Free May Let Remote Users Execute Arbitrary Code - SecurityTracker	SECTRACK	www.securitytracker.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
Gentoo update for unzip - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
SUSE Update for Multiple Packages - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
Debian update for unzip - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
Webmail - OVH	VUPEN	www.vupen.com	Vendor Advisory
About the security content of Security Update 2010-002 / Mac OS X v10.6.3	CONFIRM	support.apple.com
Debian -- Security Information -- DSA-1522-1 unzip	DEBIAN	www.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

900036 CBL-Mariner Linux Security Update for unzip 6.0
901019 Common Base Linux Mariner (CBL-Mariner) Security Update for unzip (6932-1)
903098 Common Base Linux Mariner (CBL-Mariner) Security Update for unzip (2670)
906127 Common Base Linux Mariner (CBL-Mariner) Security Update for unzip (2670-1)
906398 Common Base Linux Mariner (CBL-Mariner) Security Update for unzip (6932-2)