Use After Free Affecting zip package, versions *


0.0
critical

Snyk CVSS

  • Attack Complexity: Low
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Threat Intelligence

  • EPSS: 0.22% (60th percentile)
NVD
9.8 critical

  • Snyk ID SNYK-DEBIAN8-ZIP-269155
  • published 11 Jul 2018
  • disclosed 6 Jul 2018

How to fix?

There is no fixed version for Debian:8 zip.

NVD Description

Note: Versions mentioned in the description apply only to the upstream zip package and not the zip package as distributed by Debian. See How to fix? for Debian:8 relevant fixed versions and status.

Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands.