CVE-2008-0888
CVE-2008-0888
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
Produtos afetados
info-zip · unzipQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.htmlhttp://secunia.com/advisories/29392http://secunia.com/advisories/29406http://secunia.com/advisories/29415http://secunia.com/advisories/29427http://secunia.com/advisories/29432http://secunia.com/advisories/29440http://secunia.com/advisories/29495http://secunia.com/advisories/29681http://secunia.com/advisories/30535http://secunia.com/advisories/31204