Denial of Service Vulnerability in Info-ZIP UnZip 6.0 Affects Multiple Platforms
CVE-2015-7697

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Debian Linux
Vendor: CVE Published:; 6 November 2015

Summary

Info-ZIP UnZip 6.0 is susceptible to a denial of service vulnerability that allows remote attackers to induce an infinite loop through the submission of empty bzip2 data packaged within a ZIP archive. This can disrupt service availability and lead to performance degradation. Users are advised to update to the latest version to mitigate this risk.

References

http://www.ubuntu.com/usn/USN-2788-2

vendor-advisoryx_refsource_UBUNTU

http://www.openwall.com/lists/oss-security/2015/09/07/4

mailing-listx_refsource_MLIST

http://www.debian.org/security/2015/dsa-3386

vendor-advisoryx_refsource_DEBIAN

EPSS Score

33% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 6, 2015
Vulnerability Reserved
Oct 4, 2015