Suggestions search

All statuses

Filter by:

With package: unzip

Found 4 matching suggestions

View:

Compact

Detailed

Dismissed

Permalink CVE-2008-0888

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 6 months ago
@LeSuisse removed
5 packages
- runzip
- ripunzip
- unzipNLS
- haskellPackages.unzip-traversable
- haskellPackages.wai-middleware-gunzip
1 month ago
@LeSuisse dismissed 1 month ago

The NEEDBITS macro in the inflate_dynamic function in inflate.c for …

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

References

29415 x_refsource_SECUNIA third-party-advisory
20080321 rPSA-2008-0116-1 unzip mailing-list x_refsource_BUGTRAQ
29427 x_refsource_SECUNIA third-party-advisory
ADV-2008-1744 x_refsource_VUPEN vdb-entry
29440 x_refsource_SECUNIA third-party-advisory
DSA-1522 vendor-advisory x_refsource_DEBIAN
29432 x_refsource_SECUNIA third-party-advisory
https://issues.rpath.com/browse/RPL-2317 x_refsource_CONFIRM
http://wiki.rpath.com/Advisories:rPSA-2008-0116 x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2008-0009.html x_refsource_CONFIRM
APPLE-SA-2010-03-29-1 vendor-advisory x_refsource_APPLE
29392 x_refsource_SECUNIA third-party-advisory
29681 x_refsource_SECUNIA third-party-advisory
MDVSA-2008:068 vendor-advisory x_refsource_MANDRIVA
SUSE-SR:2008:007 vendor-advisory x_refsource_SUSE
ADV-2008-0913 x_refsource_VUPEN vdb-entry
30535 x_refsource_SECUNIA third-party-advisory
http://www.ipcop.org/index.php?name=News&file=article&sid=40 x_refsource_CONFIRM
http://support.apple.com/kb/HT4077 x_refsource_CONFIRM
20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues mailing-list x_refsource_BUGTRAQ
GLSA-200804-06 vendor-advisory x_refsource_GENTOO
oval:org.mitre.oval:def:9733 x_refsource_OVAL vdb-entry signature
29406 x_refsource_SECUNIA third-party-advisory
29495 x_refsource_SECUNIA third-party-advisory
31204 x_refsource_SECUNIA third-party-advisory
1019634 vdb-entry x_refsource_SECTRACK
RHSA-2008:0196 vendor-advisory x_refsource_REDHAT
unzip-inflatedynamic-code-execution(41246) vdb-entry x_refsource_XF
USN-589-1 vendor-advisory x_refsource_UBUNTU
28288 vdb-entry x_refsource_BID
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116 x_refsource_CONFIRM
29432 x_refsource_SECUNIA third-party-advisory x_transferred
https://issues.rpath.com/browse/RPL-2317 x_transferred x_refsource_CONFIRM
http://wiki.rpath.com/Advisories:rPSA-2008-0116 x_transferred x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2008-0009.html x_transferred x_refsource_CONFIRM
APPLE-SA-2010-03-29-1 vendor-advisory x_transferred x_refsource_APPLE
29392 x_refsource_SECUNIA third-party-advisory x_transferred
29681 x_refsource_SECUNIA third-party-advisory x_transferred
MDVSA-2008:068 vendor-advisory x_refsource_MANDRIVA x_transferred
SUSE-SR:2008:007 vendor-advisory x_transferred x_refsource_SUSE
ADV-2008-0913 x_refsource_VUPEN vdb-entry x_transferred
30535 x_refsource_SECUNIA third-party-advisory x_transferred
http://www.ipcop.org/index.php?name=News&file=article&sid=40 x_transferred x_refsource_CONFIRM
http://support.apple.com/kb/HT4077 x_transferred x_refsource_CONFIRM
20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues mailing-list x_transferred x_refsource_BUGTRAQ
GLSA-200804-06 vendor-advisory x_refsource_GENTOO x_transferred
oval:org.mitre.oval:def:9733 x_refsource_OVAL vdb-entry signature x_transferred
29406 x_refsource_SECUNIA third-party-advisory x_transferred
29495 x_refsource_SECUNIA third-party-advisory x_transferred
31204 x_refsource_SECUNIA third-party-advisory x_transferred
1019634 x_transferred vdb-entry x_refsource_SECTRACK
RHSA-2008:0196 vendor-advisory x_refsource_REDHAT x_transferred
unzip-inflatedynamic-code-execution(41246) x_transferred vdb-entry x_refsource_XF
USN-589-1 vendor-advisory x_transferred x_refsource_UBUNTU
28288 x_transferred vdb-entry x_refsource_BID
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116 x_transferred x_refsource_CONFIRM
29415 x_refsource_SECUNIA third-party-advisory x_transferred
20080321 rPSA-2008-0116-1 unzip mailing-list x_transferred x_refsource_BUGTRAQ
29427 x_refsource_SECUNIA third-party-advisory x_transferred
ADV-2008-1744 x_refsource_VUPEN vdb-entry x_transferred
29440 x_refsource_SECUNIA third-party-advisory x_transferred
DSA-1522 vendor-advisory x_refsource_DEBIAN x_transferred
29415 x_refsource_SECUNIA third-party-advisory
20080321 rPSA-2008-0116-1 unzip mailing-list x_refsource_BUGTRAQ
29427 x_refsource_SECUNIA third-party-advisory
ADV-2008-1744 x_refsource_VUPEN vdb-entry
29440 x_refsource_SECUNIA third-party-advisory
DSA-1522 vendor-advisory x_refsource_DEBIAN
29432 x_refsource_SECUNIA third-party-advisory
https://issues.rpath.com/browse/RPL-2317 x_refsource_CONFIRM
http://wiki.rpath.com/Advisories:rPSA-2008-0116 x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2008-0009.html x_refsource_CONFIRM
APPLE-SA-2010-03-29-1 vendor-advisory x_refsource_APPLE
29392 x_refsource_SECUNIA third-party-advisory
29681 x_refsource_SECUNIA third-party-advisory
MDVSA-2008:068 vendor-advisory x_refsource_MANDRIVA
SUSE-SR:2008:007 vendor-advisory x_refsource_SUSE
ADV-2008-0913 x_refsource_VUPEN vdb-entry
30535 x_refsource_SECUNIA third-party-advisory
http://www.ipcop.org/index.php?name=News&file=article&sid=40 x_refsource_CONFIRM
http://support.apple.com/kb/HT4077 x_refsource_CONFIRM
20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues mailing-list x_refsource_BUGTRAQ
GLSA-200804-06 vendor-advisory x_refsource_GENTOO
oval:org.mitre.oval:def:9733 x_refsource_OVAL vdb-entry signature
29406 x_refsource_SECUNIA third-party-advisory
29495 x_refsource_SECUNIA third-party-advisory
31204 x_refsource_SECUNIA third-party-advisory
1019634 vdb-entry x_refsource_SECTRACK
RHSA-2008:0196 vendor-advisory x_refsource_REDHAT
unzip-inflatedynamic-code-execution(41246) vdb-entry x_refsource_XF
USN-589-1 vendor-advisory x_refsource_UBUNTU
28288 vdb-entry x_refsource_BID
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116 x_refsource_CONFIRM
29415 x_refsource_SECUNIA third-party-advisory x_transferred
20080321 rPSA-2008-0116-1 unzip mailing-list x_transferred x_refsource_BUGTRAQ
29427 x_refsource_SECUNIA third-party-advisory x_transferred
ADV-2008-1744 x_refsource_VUPEN vdb-entry x_transferred
29440 x_refsource_SECUNIA third-party-advisory x_transferred
DSA-1522 vendor-advisory x_refsource_DEBIAN x_transferred
29432 x_refsource_SECUNIA third-party-advisory x_transferred
https://issues.rpath.com/browse/RPL-2317 x_transferred x_refsource_CONFIRM
http://wiki.rpath.com/Advisories:rPSA-2008-0116 x_transferred x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2008-0009.html x_transferred x_refsource_CONFIRM
APPLE-SA-2010-03-29-1 vendor-advisory x_transferred x_refsource_APPLE
29392 x_refsource_SECUNIA third-party-advisory x_transferred
29681 x_refsource_SECUNIA third-party-advisory x_transferred
MDVSA-2008:068 vendor-advisory x_refsource_MANDRIVA x_transferred
SUSE-SR:2008:007 vendor-advisory x_transferred x_refsource_SUSE
ADV-2008-0913 x_refsource_VUPEN vdb-entry x_transferred
30535 x_refsource_SECUNIA third-party-advisory x_transferred
http://www.ipcop.org/index.php?name=News&file=article&sid=40 x_transferred x_refsource_CONFIRM
http://support.apple.com/kb/HT4077 x_transferred x_refsource_CONFIRM
20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues mailing-list x_transferred x_refsource_BUGTRAQ
GLSA-200804-06 vendor-advisory x_refsource_GENTOO x_transferred
oval:org.mitre.oval:def:9733 x_refsource_OVAL vdb-entry signature x_transferred
29406 x_refsource_SECUNIA third-party-advisory x_transferred
29495 x_refsource_SECUNIA third-party-advisory x_transferred
31204 x_refsource_SECUNIA third-party-advisory x_transferred
1019634 x_transferred vdb-entry x_refsource_SECTRACK
RHSA-2008:0196 vendor-advisory x_refsource_REDHAT x_transferred
unzip-inflatedynamic-code-execution(41246) x_transferred vdb-entry x_refsource_XF
USN-589-1 vendor-advisory x_transferred x_refsource_UBUNTU
28288 x_transferred vdb-entry x_refsource_BID
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116 x_transferred x_refsource_CONFIRM
unzip-inflatedynamic-code-execution(41246) vdb-entry x_refsource_XF
USN-589-1 vendor-advisory x_refsource_UBUNTU
28288 vdb-entry x_refsource_BID
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116 x_refsource_CONFIRM
29415 x_refsource_SECUNIA third-party-advisory
20080321 rPSA-2008-0116-1 unzip mailing-list x_refsource_BUGTRAQ
29427 x_refsource_SECUNIA third-party-advisory
ADV-2008-1744 x_refsource_VUPEN vdb-entry
29440 x_refsource_SECUNIA third-party-advisory
DSA-1522 vendor-advisory x_refsource_DEBIAN
29432 x_refsource_SECUNIA third-party-advisory
https://issues.rpath.com/browse/RPL-2317 x_refsource_CONFIRM
http://wiki.rpath.com/Advisories:rPSA-2008-0116 x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2008-0009.html x_refsource_CONFIRM
APPLE-SA-2010-03-29-1 vendor-advisory x_refsource_APPLE
29392 x_refsource_SECUNIA third-party-advisory
29681 x_refsource_SECUNIA third-party-advisory
MDVSA-2008:068 vendor-advisory x_refsource_MANDRIVA
SUSE-SR:2008:007 vendor-advisory x_refsource_SUSE
ADV-2008-0913 x_refsource_VUPEN vdb-entry
30535 x_refsource_SECUNIA third-party-advisory
http://www.ipcop.org/index.php?name=News&file=article&sid=40 x_refsource_CONFIRM
http://support.apple.com/kb/HT4077 x_refsource_CONFIRM
20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues mailing-list x_refsource_BUGTRAQ
GLSA-200804-06 vendor-advisory x_refsource_GENTOO
oval:org.mitre.oval:def:9733 x_refsource_OVAL vdb-entry signature
29406 x_refsource_SECUNIA third-party-advisory
29495 x_refsource_SECUNIA third-party-advisory
31204 x_refsource_SECUNIA third-party-advisory
1019634 vdb-entry x_refsource_SECTRACK
RHSA-2008:0196 vendor-advisory x_refsource_REDHAT
29415 x_refsource_SECUNIA third-party-advisory x_transferred
20080321 rPSA-2008-0116-1 unzip mailing-list x_transferred x_refsource_BUGTRAQ
29427 x_refsource_SECUNIA third-party-advisory x_transferred
ADV-2008-1744 x_refsource_VUPEN vdb-entry x_transferred
29440 x_refsource_SECUNIA third-party-advisory x_transferred
DSA-1522 vendor-advisory x_refsource_DEBIAN x_transferred
29432 x_refsource_SECUNIA third-party-advisory x_transferred
https://issues.rpath.com/browse/RPL-2317 x_transferred x_refsource_CONFIRM
http://wiki.rpath.com/Advisories:rPSA-2008-0116 x_transferred x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2008-0009.html x_transferred x_refsource_CONFIRM
APPLE-SA-2010-03-29-1 vendor-advisory x_transferred x_refsource_APPLE
29392 x_refsource_SECUNIA third-party-advisory x_transferred
29681 x_refsource_SECUNIA third-party-advisory x_transferred
MDVSA-2008:068 vendor-advisory x_refsource_MANDRIVA x_transferred
SUSE-SR:2008:007 vendor-advisory x_transferred x_refsource_SUSE
ADV-2008-0913 x_refsource_VUPEN vdb-entry x_transferred
30535 x_refsource_SECUNIA third-party-advisory x_transferred
http://www.ipcop.org/index.php?name=News&file=article&sid=40 x_transferred x_refsource_CONFIRM
http://support.apple.com/kb/HT4077 x_transferred x_refsource_CONFIRM
20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues mailing-list x_transferred x_refsource_BUGTRAQ
GLSA-200804-06 vendor-advisory x_refsource_GENTOO x_transferred
oval:org.mitre.oval:def:9733 x_refsource_OVAL vdb-entry signature x_transferred
29406 x_refsource_SECUNIA third-party-advisory x_transferred
29495 x_refsource_SECUNIA third-party-advisory x_transferred
31204 x_refsource_SECUNIA third-party-advisory x_transferred
1019634 x_transferred vdb-entry x_refsource_SECTRACK
RHSA-2008:0196 vendor-advisory x_refsource_REDHAT x_transferred
unzip-inflatedynamic-code-execution(41246) x_transferred vdb-entry x_refsource_XF
USN-589-1 vendor-advisory x_transferred x_refsource_UBUNTU
28288 x_transferred vdb-entry x_refsource_BID
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116 x_transferred x_refsource_CONFIRM
29415 x_refsource_SECUNIA third-party-advisory
20080321 rPSA-2008-0116-1 unzip mailing-list x_refsource_BUGTRAQ
29427 x_refsource_SECUNIA third-party-advisory
ADV-2008-1744 x_refsource_VUPEN vdb-entry
29440 x_refsource_SECUNIA third-party-advisory
DSA-1522 vendor-advisory x_refsource_DEBIAN
29432 x_refsource_SECUNIA third-party-advisory
https://issues.rpath.com/browse/RPL-2317 x_refsource_CONFIRM
http://wiki.rpath.com/Advisories:rPSA-2008-0116 x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2008-0009.html x_refsource_CONFIRM
APPLE-SA-2010-03-29-1 vendor-advisory x_refsource_APPLE
29392 x_refsource_SECUNIA third-party-advisory
29681 x_refsource_SECUNIA third-party-advisory
MDVSA-2008:068 vendor-advisory x_refsource_MANDRIVA
SUSE-SR:2008:007 vendor-advisory x_refsource_SUSE
ADV-2008-0913 x_refsource_VUPEN vdb-entry
30535 x_refsource_SECUNIA third-party-advisory
http://www.ipcop.org/index.php?name=News&file=article&sid=40 x_refsource_CONFIRM
http://support.apple.com/kb/HT4077 x_refsource_CONFIRM
20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues mailing-list x_refsource_BUGTRAQ
GLSA-200804-06 vendor-advisory x_refsource_GENTOO
oval:org.mitre.oval:def:9733 x_refsource_OVAL vdb-entry signature
29406 x_refsource_SECUNIA third-party-advisory
29495 x_refsource_SECUNIA third-party-advisory
31204 x_refsource_SECUNIA third-party-advisory
1019634 vdb-entry x_refsource_SECTRACK
RHSA-2008:0196 vendor-advisory x_refsource_REDHAT
unzip-inflatedynamic-code-execution(41246) vdb-entry x_refsource_XF
USN-589-1 vendor-advisory x_refsource_UBUNTU
28288 vdb-entry x_refsource_BID
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116 x_refsource_CONFIRM
DSA-1522 vendor-advisory x_refsource_DEBIAN x_transferred
29432 x_refsource_SECUNIA third-party-advisory x_transferred
https://issues.rpath.com/browse/RPL-2317 x_transferred x_refsource_CONFIRM
http://wiki.rpath.com/Advisories:rPSA-2008-0116 x_transferred x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2008-0009.html x_transferred x_refsource_CONFIRM
APPLE-SA-2010-03-29-1 vendor-advisory x_transferred x_refsource_APPLE
29392 x_refsource_SECUNIA third-party-advisory x_transferred
29681 x_refsource_SECUNIA third-party-advisory x_transferred
MDVSA-2008:068 vendor-advisory x_refsource_MANDRIVA x_transferred
SUSE-SR:2008:007 vendor-advisory x_transferred x_refsource_SUSE
ADV-2008-0913 x_refsource_VUPEN vdb-entry x_transferred
30535 x_refsource_SECUNIA third-party-advisory x_transferred
http://www.ipcop.org/index.php?name=News&file=article&sid=40 x_transferred x_refsource_CONFIRM
http://support.apple.com/kb/HT4077 x_transferred x_refsource_CONFIRM
20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues mailing-list x_transferred x_refsource_BUGTRAQ
GLSA-200804-06 vendor-advisory x_refsource_GENTOO x_transferred
oval:org.mitre.oval:def:9733 x_refsource_OVAL vdb-entry signature x_transferred
29406 x_refsource_SECUNIA third-party-advisory x_transferred
29495 x_refsource_SECUNIA third-party-advisory x_transferred
31204 x_refsource_SECUNIA third-party-advisory x_transferred
1019634 x_transferred vdb-entry x_refsource_SECTRACK
RHSA-2008:0196 vendor-advisory x_refsource_REDHAT x_transferred
unzip-inflatedynamic-code-execution(41246) x_transferred vdb-entry x_refsource_XF
USN-589-1 vendor-advisory x_transferred x_refsource_UBUNTU
28288 x_transferred vdb-entry x_refsource_BID
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116 x_transferred x_refsource_CONFIRM
29415 x_refsource_SECUNIA third-party-advisory x_transferred
20080321 rPSA-2008-0116-1 unzip mailing-list x_transferred x_refsource_BUGTRAQ
29427 x_refsource_SECUNIA third-party-advisory x_transferred
ADV-2008-1744 x_refsource_VUPEN vdb-entry x_transferred
29440 x_refsource_SECUNIA third-party-advisory x_transferred

Affected products

n/a

==n/a

unzip

<6.0

Matching in nixpkgs

pkgs.unzip

Extraction utility for archives compressed in .zip format

nixos-unstable -
- nixpkgs-unstable 6.0

Ignored packages (5)

pkgs.runzip

Tool to convert filename encoding inside a ZIP archive

nixos-unstable -
- nixpkgs-unstable 1.4

pkgs.ripunzip

Tool to unzip files in parallel

nixos-unstable -
- nixpkgs-unstable 2.0.3

pkgs.unzipNLS

Extraction utility for archives compressed in .zip format

nixos-unstable -
- nixpkgs-unstable 6.0

pkgs.haskellPackages.unzip-traversable

Unzip functions for general Traversable containers

nixos-unstable -
- nixpkgs-unstable 0.1.1

pkgs.haskellPackages.wai-middleware-gunzip

WAI middleware to unzip request bodies

nixos-unstable -
- nixpkgs-unstable 0.0.2

Package maintainers

@RossComputerGuy Tristan Ross <tristan.ross@midstall.com>

Current stable branch was never impacted

https://github.com/NixOS/nixpkgs/commit/672d3856df5d0e0e5bd5053e59cd5925b85e9f4a

Dismissed

Permalink CVE-2014-8140

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
5 packages
- ripunzip
- unzipNLS
- haskellPackages.unzip-traversable
- haskellPackages.wai-middleware-gunzip
- runzip
1 month ago
@LeSuisse dismissed 1 month ago

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip …

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

References

http://www.ocert.org/advisories/ocert-2014-011.html x_refsource_MISC
https://access.redhat.com/errata/RHSA-2015:0700 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174851 x_refsource_MISC
http://www.securitytracker.com/id/1031433 x_refsource_MISC
https://access.redhat.com/errata/RHSA-2015:0700 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174851 x_transferred x_refsource_MISC
http://www.securitytracker.com/id/1031433 x_transferred x_refsource_MISC
http://www.ocert.org/advisories/ocert-2014-011.html x_transferred x_refsource_MISC
http://www.securitytracker.com/id/1031433 x_refsource_MISC
http://www.ocert.org/advisories/ocert-2014-011.html x_refsource_MISC
https://access.redhat.com/errata/RHSA-2015:0700 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174851 x_refsource_MISC
http://www.ocert.org/advisories/ocert-2014-011.html x_transferred x_refsource_MISC
https://access.redhat.com/errata/RHSA-2015:0700 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174851 x_transferred x_refsource_MISC
http://www.securitytracker.com/id/1031433 x_transferred x_refsource_MISC

Affected products

UnZip

==6.0 and earlier

Matching in nixpkgs

pkgs.unzip

Extraction utility for archives compressed in .zip format

nixos-unstable 6.0
- nixpkgs-unstable 6.0
- nixos-unstable-small 6.0
nixos-25.11 6.0
- nixos-25.11-small 6.0
- nixpkgs-25.11-darwin 6.0

Ignored packages (5)

pkgs.runzip

Tool to convert filename encoding inside a ZIP archive

nixos-unstable 1.4
- nixpkgs-unstable 1.4
- nixos-unstable-small 1.4
nixos-25.11 1.4
- nixos-25.11-small 1.4
- nixpkgs-25.11-darwin 1.4

pkgs.ripunzip

Tool to unzip files in parallel

nixos-unstable 2.0.4
- nixpkgs-unstable 2.0.4
- nixos-unstable-small 2.0.4
nixos-25.11 2.0.3
- nixos-25.11-small 2.0.3
- nixpkgs-25.11-darwin 2.0.3

pkgs.unzipNLS

Extraction utility for archives compressed in .zip format

nixos-unstable 6.0
- nixpkgs-unstable 6.0
- nixos-unstable-small 6.0
nixos-25.11 6.0
- nixos-25.11-small 6.0
- nixpkgs-25.11-darwin 6.0

pkgs.haskellPackages.unzip-traversable

Unzip functions for general Traversable containers

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.haskellPackages.wai-middleware-gunzip

WAI middleware to unzip request bodies

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2
nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

Package maintainers

@RossComputerGuy Tristan Ross <tristan.ross@midstall.com>

Current stable branch was never impacted

https://github.com/NixOS/nixpkgs/commit/173f41cf0bc618f0b2c313b1915fee8d8a6d0ee2

Dismissed

Permalink CVE-2014-8141

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
5 packages
- runzip
- ripunzip
- unzipNLS
- haskellPackages.unzip-traversable
- haskellPackages.wai-middleware-gunzip
1 month ago
@LeSuisse dismissed 1 month ago

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip …

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

References

https://access.redhat.com/errata/RHSA-2015:0700 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174856 x_refsource_MISC
http://www.securitytracker.com/id/1031433 x_refsource_MISC
http://www.ocert.org/advisories/ocert-2014-011.html x_refsource_MISC
http://www.ocert.org/advisories/ocert-2014-011.html x_transferred x_refsource_MISC
https://access.redhat.com/errata/RHSA-2015:0700 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174856 x_transferred x_refsource_MISC
http://www.securitytracker.com/id/1031433 x_transferred x_refsource_MISC
http://www.ocert.org/advisories/ocert-2014-011.html x_refsource_MISC
https://access.redhat.com/errata/RHSA-2015:0700 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174856 x_refsource_MISC
http://www.securitytracker.com/id/1031433 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174856 x_transferred x_refsource_MISC
http://www.securitytracker.com/id/1031433 x_transferred x_refsource_MISC
http://www.ocert.org/advisories/ocert-2014-011.html x_transferred x_refsource_MISC
https://access.redhat.com/errata/RHSA-2015:0700 x_transferred x_refsource_MISC

Affected products

UnZip

==6.0 and earlier

Matching in nixpkgs

pkgs.unzip

Extraction utility for archives compressed in .zip format

nixos-unstable 6.0
- nixpkgs-unstable 6.0
- nixos-unstable-small 6.0
nixos-25.11 6.0
- nixos-25.11-small 6.0
- nixpkgs-25.11-darwin 6.0

Ignored packages (5)

pkgs.runzip

Tool to convert filename encoding inside a ZIP archive

nixos-unstable 1.4
- nixpkgs-unstable 1.4
- nixos-unstable-small 1.4
nixos-25.11 1.4
- nixos-25.11-small 1.4
- nixpkgs-25.11-darwin 1.4

pkgs.ripunzip

Tool to unzip files in parallel

nixos-unstable 2.0.4
- nixpkgs-unstable 2.0.4
- nixos-unstable-small 2.0.4
nixos-25.11 2.0.3
- nixos-25.11-small 2.0.3
- nixpkgs-25.11-darwin 2.0.3

pkgs.unzipNLS

Extraction utility for archives compressed in .zip format

nixos-unstable 6.0
- nixpkgs-unstable 6.0
- nixos-unstable-small 6.0
nixos-25.11 6.0
- nixos-25.11-small 6.0
- nixpkgs-25.11-darwin 6.0

pkgs.haskellPackages.unzip-traversable

Unzip functions for general Traversable containers

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.haskellPackages.wai-middleware-gunzip

WAI middleware to unzip request bodies

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2
nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

Package maintainers

@RossComputerGuy Tristan Ross <tristan.ross@midstall.com>

Current stable branch was never impacted

https://github.com/NixOS/nixpkgs/commit/173f41cf0bc618f0b2c313b1915fee8d8a6d0ee2

Dismissed

Permalink CVE-2014-8139

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
5 packages
- runzip
- ripunzip
- unzipNLS
- haskellPackages.unzip-traversable
- haskellPackages.wai-middleware-gunzip
1 month ago
@LeSuisse dismissed 1 month ago

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip …

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

References

http://www.ocert.org/advisories/ocert-2014-011.html x_refsource_MISC
https://access.redhat.com/errata/RHSA-2015:0700 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174844 x_refsource_MISC
http://www.securitytracker.com/id/1031433 x_refsource_MISC
https://access.redhat.com/errata/RHSA-2015:0700 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174844 x_transferred x_refsource_MISC
http://www.securitytracker.com/id/1031433 x_transferred x_refsource_MISC
http://www.ocert.org/advisories/ocert-2014-011.html x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174844 x_refsource_MISC
http://www.securitytracker.com/id/1031433 x_refsource_MISC
http://www.ocert.org/advisories/ocert-2014-011.html x_refsource_MISC
https://access.redhat.com/errata/RHSA-2015:0700 x_refsource_MISC
http://www.ocert.org/advisories/ocert-2014-011.html x_transferred x_refsource_MISC
https://access.redhat.com/errata/RHSA-2015:0700 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174844 x_transferred x_refsource_MISC
http://www.securitytracker.com/id/1031433 x_transferred x_refsource_MISC

Affected products

UnZip

==6.0 and earlier

Matching in nixpkgs

pkgs.unzip

Extraction utility for archives compressed in .zip format

nixos-unstable 6.0
- nixpkgs-unstable 6.0
- nixos-unstable-small 6.0
nixos-25.11 6.0
- nixos-25.11-small 6.0
- nixpkgs-25.11-darwin 6.0

Ignored packages (5)

pkgs.runzip

Tool to convert filename encoding inside a ZIP archive

nixos-unstable 1.4
- nixpkgs-unstable 1.4
- nixos-unstable-small 1.4
nixos-25.11 1.4
- nixos-25.11-small 1.4
- nixpkgs-25.11-darwin 1.4

pkgs.ripunzip

Tool to unzip files in parallel

nixos-unstable 2.0.4
- nixpkgs-unstable 2.0.4
- nixos-unstable-small 2.0.4
nixos-25.11 2.0.3
- nixos-25.11-small 2.0.3
- nixpkgs-25.11-darwin 2.0.3

pkgs.unzipNLS

Extraction utility for archives compressed in .zip format

nixos-unstable 6.0
- nixpkgs-unstable 6.0
- nixos-unstable-small 6.0
nixos-25.11 6.0
- nixos-25.11-small 6.0
- nixpkgs-25.11-darwin 6.0

pkgs.haskellPackages.unzip-traversable

Unzip functions for general Traversable containers

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.haskellPackages.wai-middleware-gunzip

WAI middleware to unzip request bodies

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2
nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

Package maintainers

@RossComputerGuy Tristan Ross <tristan.ross@midstall.com>

Current stable branch was never impacted

https://github.com/NixOS/nixpkgs/commit/173f41cf0bc618f0b2c313b1915fee8d8a6d0ee2