AVG-611

Package unzip
Status Vulnerable
Severity Medium
Type arbitrary code execution
Affected 6.0-12
Fixed Unknown
Current 6.0-12 [extra]
Ticket Create
Created Mon Feb 12 23:01:13 2018
Issue Severity Remote Type Description
CVE-2018-1000035 Medium No Arbitrary code execution
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a...
Notes
Still no fix upstream. We do use FORTIFY_SOURCE=2 on our builds and that works as a "workaround" since it kills the app.