{"schema_version":"1.7.2","id":"OESA-2022-1548","modified":"2022-03-07T11:03:34Z","published":"2022-03-07T11:03:34Z","upstream":["CVE-2022-0530","CVE-2022-0529"],"summary":"unzip security update","details":"A utility for unpacking zip files.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string, which leads to a heap out-of-bounds write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. (CVE-2022-0530)\r\n\r\nA flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string, which leads to a heap out-of-bounds write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. (CVE-2022-0529)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"unzip","purl":"pkg:rpm/openEuler/unzip\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0-46.oe1"}]}],"ecosystem_specific":{"aarch64":["unzip-debugsource-6.0-46.oe1.aarch64.rpm","unzip-help-6.0-46.oe1.aarch64.rpm","unzip-6.0-46.oe1.aarch64.rpm","unzip-debuginfo-6.0-46.oe1.aarch64.rpm"],"src":["unzip-6.0-46.oe1.src.rpm"],"x86_64":["unzip-6.0-46.oe1.x86_64.rpm","unzip-help-6.0-46.oe1.x86_64.rpm","unzip-debugsource-6.0-46.oe1.x86_64.rpm","unzip-debuginfo-6.0-46.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP2","name":"unzip","purl":"pkg:rpm/openEuler/unzip\u0026distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0-46.oe1"}]}],"ecosystem_specific":{"aarch64":["unzip-6.0-46.oe1.aarch64.rpm","unzip-debuginfo-6.0-46.oe1.aarch64.rpm","unzip-debugsource-6.0-46.oe1.aarch64.rpm","unzip-help-6.0-46.oe1.aarch64.rpm"],"src":["unzip-6.0-46.oe1.src.rpm"],"x86_64":["unzip-debugsource-6.0-46.oe1.x86_64.rpm","unzip-help-6.0-46.oe1.x86_64.rpm","unzip-6.0-46.oe1.x86_64.rpm","
unzip-debuginfo-6.0-46.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"unzip","purl":"pkg:rpm/openEuler/unzip\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0-46.oe1"}]}],"ecosystem_specific":{"aarch64":["unzip-6.0-46.oe1.aarch64.rpm","unzip-help-6.0-46.oe1.aarch64.rpm","unzip-debuginfo-6.0-46.oe1.aarch64.rpm","unzip-debugsource-6.0-46.oe1.aarch64.rpm"],"src":["unzip-6.0-46.oe1.src.rpm"],"x86_64":["unzip-6.0-46.oe1.x86_64.rpm","unzip-help-6.0-46.oe1.x86_64.rpm","unzip-debugsource-6.0-46.oe1.x86_64.rpm","unzip-debuginfo-6.0-46.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1548"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0530"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0529"}],"database_specific":{"severity":"High"}}