|Type||arbitrary code execution|
|Created||Mon Feb 12 23:01:13 2018|
|CVE-2018-1000035||Medium||No||Arbitrary code execution||
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a...
Still no fix upstream. We do use FORTIFY_SOURCE=2 on our builds and that works as a "workaround" since it kills the app. Perhaps we should downgrade the severity and set the impact to DoS?