Bug 2044583 (CVE-2021-4217)
Summary: | CVE-2021-4217 unzip: Null pointer dereference in Unicode strings code | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | bdettelb, caswilli, dhalasz, fjansen, jamartis, jwong, kaycoth, kdudka, micjohns, pstodulk, sthirugn, vkrizan, vmugicag |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Doc Text: | A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. |
Bug Depends On: | 2046940, 2046947, 2046949 | ||
Bug Blocks: | 2044584 |
Description
Pedro Sampaio
2022-01-24 19:16:08 UTC
Created unzip tracking bugs for this issue:

Affects: fedora-all [bug 2046940]

The unzip command is not used to provide any of our services. The services that work with zip archives utilize libraries that are specific to their language. AFAIK this tool does not provide a widely used library.