CVE-2005-4667
unzip - buffer overflow
EPSS 3.1%
Description
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
How to fix CVE-2005-4667
To remediate CVE-2005-4667, upgrade the affected package to one of the fixed versions listed below.
- Debian/unzip—upgrade to 5.52-7 or later
- Debian/unzip—upgrade to 5.50-1woody6 or later
Is CVE-2005-4667 being exploited?
Low — EPSS is 3.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/unzip: from 0, < 5.52-7
- Debian/unzip: from 0, < 5.50-1woody6