The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Apple |
|
| Canonical |
|
| Debian |
|
| Redhat |
|
| Unzip Project |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 2.1 | |||
| unzip-0:5.50-31.EL2.1 | cpe:/o:redhat:enterprise_linux:2.1 | RHSA-2008:0196 | 2008-03-18T00:00:00Z |
| Red Hat Enterprise Linux 3 | |||
| unzip-0:5.50-36.EL3 | cpe:/o:redhat:enterprise_linux:3 | RHSA-2008:0196 | 2008-03-18T00:00:00Z |
References
History
Thu, 01 May 2025 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Apple
Apple mac Os X Canonical Canonical ubuntu Linux Debian Debian debian Linux Unzip Project Unzip Project unzip |
|
| CPEs | cpe:2.3:a:unzip_project:unzip:*:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* |
|
| Vendors & Products |
Info-zip
Info-zip unzip |
Apple
Apple mac Os X Canonical Canonical ubuntu Linux Debian Debian debian Linux Unzip Project Unzip Project unzip |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2008-03-17T21:00:00
Updated: 2025-04-02T13:36:47.269Z
Reserved: 2008-02-21T00:00:00
Link: CVE-2008-0888
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2008-03-17T21:44:00.000
Modified: 2025-05-01T15:33:00.470
Link: CVE-2008-0888
Redhat