14 lines
1.0 KiB
JSON
14 lines
1.0 KiB
JSON
{
|
|
"id": "openEuler-SA-2022-1902",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1902",
|
|
"title": "An update for unzip is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
|
|
"severity": "High",
|
|
"description": "UnZip is an extraction utility for archives compressed in .zip format. UnZip will list, test, or extract files from a .zip archive, commonly found on MS-DOS systems. The default behavior (with no options) is to extract all files into the current directory (and subdirectorie below it) from the specified zipfile.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.(CVE-2021-4217)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2021-4217",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4217",
|
|
"severity": "Medium"
|
|
}
|
|
]
|
|
} |