CVE-2022-0530
- Source
- https://cve.org/CVERecord?id=CVE-2022-0530
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0530.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-0530
- Downstream
- Related
- Published
- 2022-02-09T23:15:16.677Z
- Modified
- 2026-04-16T00:02:57.459908604Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
- References
-
- http://seclists.org/fulldisclosure/2022/May/38
- https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html
- https://security.gentoo.org/glsa/202310-17
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- http://seclists.org/fulldisclosure/2022/May/33
- http://seclists.org/fulldisclosure/2022/May/35
- https://support.apple.com/kb/HT213257
- https://www.debian.org/security/2022/dsa-5202
- https://bugzilla.redhat.com/show_bug.cgi?id=2051395
- https://github.com/ByteHackr/unzip_poc
Affected packages
Git /
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "35"
}
]
},
{
"events": [
{
"introduced": "10.15"
},
{
"fixed": "10.15.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.15.7-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.15.7-security_update_2020"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.15.7-security_update_2020\\-001"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.15.7-security_update_2020\\-005"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.15.7-security_update_2020\\-007"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.15.7-security_update_2021\\-001"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.15.7-security_update_2021\\-002"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.15.7-security_update_2021\\-003"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.15.7-security_update_2021\\-006"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.15.7-security_update_2021\\-007"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.15.7-security_update_2021\\-008"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.15.7-security_update_2022\\-001"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.15.7-security_update_2022\\-002"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.15.7-security_update_2022\\-003"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.15.7-supplemental_update"
}
]
},
{
"events": [
{
"introduced": "11.0"
},
{
"fixed": "11.6.6"
}
]
},
{
"events": [
{
"introduced": "12.0.0"
},
{
"fixed": "12.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.0"
}
]
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0530.json"