Vulnerability CVE-2022-0530

Vulnerability Name:

CVE-2022-0530 (CCN-219387)

Assigned:

2022-02-07

Published:

2022-02-07

Updated:

2022-09-30

Summary:

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2022-0530

Source: CCN
Type: Info-Zip Web site
Info-Zip UnZip

Source: FULLDISC
Type: Mailing List, Third Party Advisory
20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina

Source: FULLDISC
Type: Mailing List, Third Party Advisory
20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6

Source: FULLDISC
Type: Mailing List, Third Party Advisory
20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4

Source: CCN
Type: Red Hat Bugzilla - Bug 2051395
(CVE-2022-0530) - CVE-2022-0530 unzip: SIGSEGV during the conversion of an utf-8 string to a local string

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2051395

Source: XF
Type: UNKNOWN
unzip-cve20220530-code-exec(219387)

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/ByteHackr/unzip_poc

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update

Source: CCN
Type: Apple security document HT213255
About the security content of Security Update 2022-004 Catalina

Source: CCN
Type: Apple security document HT213256
About the security content of macOS Big Sur 11.6.6

Source: CCN
Type: Apple security document HT213257
About the security content of macOS Monterey 12.4

Source: CONFIRM
Type: Vendor Advisory
https://support.apple.com/kb/HT213255

Source: CONFIRM
Type: Vendor Advisory
https://support.apple.com/kb/HT213256

Source: CONFIRM
Type: Vendor Advisory
https://support.apple.com/kb/HT213257

Source: DEBIAN
Type: Third Party Advisory
DSA-5202

Source: CCN
Type: IBM Security Bulletin 6852701 (Tivoli Application Dependency Discovery Manager)
TADDM affected by vulnerabilities in UnZip.

Vulnerable Configuration:

Configuration 1:

cpe:/a:unzip_project:unzip:6.0:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.15 and < 10.15.7)

OR cpe:/o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*

OR cpe:/o:apple:macos:*:*:*:*:*:*:*:* (Version >= 11.0 and < 11.6.6)

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*

OR cpe:/o:apple:macos:*:*:*:*:*:*:*:* (Version >= 12.0.0 and < 12.4)

Configuration 5:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:unzip_project:unzip:6.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7823	P	unzip-6.00-150000.4.11.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:781	P	Security update for unzip (Moderate)	2022-09-26

BACK