Nixpkgs Security Tracker

Dismissed

Permalink CVE-2014-8141

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
5 packages
- runzip
- ripunzip
- unzipNLS
- haskellPackages.unzip-traversable
- haskellPackages.wai-middleware-gunzip
1 month ago
@LeSuisse dismissed 1 month ago

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip …

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

References

https://access.redhat.com/errata/RHSA-2015:0700 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174856 x_refsource_MISC
http://www.securitytracker.com/id/1031433 x_refsource_MISC
http://www.ocert.org/advisories/ocert-2014-011.html x_refsource_MISC
http://www.ocert.org/advisories/ocert-2014-011.html x_refsource_MISC x_transferred
https://access.redhat.com/errata/RHSA-2015:0700 x_refsource_MISC x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=1174856 x_refsource_MISC x_transferred
http://www.securitytracker.com/id/1031433 x_refsource_MISC x_transferred
http://www.ocert.org/advisories/ocert-2014-011.html x_refsource_MISC
https://access.redhat.com/errata/RHSA-2015:0700 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174856 x_refsource_MISC
http://www.securitytracker.com/id/1031433 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174856 x_refsource_MISC x_transferred
http://www.securitytracker.com/id/1031433 x_refsource_MISC x_transferred
http://www.ocert.org/advisories/ocert-2014-011.html x_refsource_MISC x_transferred
https://access.redhat.com/errata/RHSA-2015:0700 x_refsource_MISC x_transferred

Affected products

UnZip

==6.0 and earlier

Matching in nixpkgs

pkgs.unzip

Extraction utility for archives compressed in .zip format

nixos-unstable 6.0
- nixpkgs-unstable 6.0
- nixos-unstable-small 6.0
nixos-25.11 6.0
- nixos-25.11-small 6.0
- nixpkgs-25.11-darwin 6.0

Ignored packages (5)

pkgs.runzip

Tool to convert filename encoding inside a ZIP archive

nixos-unstable 1.4
- nixpkgs-unstable 1.4
- nixos-unstable-small 1.4
nixos-25.11 1.4
- nixos-25.11-small 1.4
- nixpkgs-25.11-darwin 1.4

pkgs.ripunzip

Tool to unzip files in parallel

nixos-unstable 2.0.4
- nixpkgs-unstable 2.0.4
- nixos-unstable-small 2.0.4
nixos-25.11 2.0.3
- nixos-25.11-small 2.0.3
- nixpkgs-25.11-darwin 2.0.3

pkgs.unzipNLS

Extraction utility for archives compressed in .zip format

nixos-unstable 6.0
- nixpkgs-unstable 6.0
- nixos-unstable-small 6.0
nixos-25.11 6.0
- nixos-25.11-small 6.0
- nixpkgs-25.11-darwin 6.0

pkgs.haskellPackages.unzip-traversable

Unzip functions for general Traversable containers

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.haskellPackages.wai-middleware-gunzip

WAI middleware to unzip request bodies

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2
nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

Package maintainers

@RossComputerGuy Tristan Ross <tristan.ross@midstall.com>

Current stable branch was never impacted

https://github.com/NixOS/nixpkgs/commit/173f41cf0bc618f0b2c313b1915fee8d8a6d0ee2

Suggestion detail