alpine · CVE-2022-0530

Quick triage

Priority: medium Published: Updated:

View at Official alpine advisory, NVD, CVE.org · CVE detail

Freshness: no update timestamp found; verify against the upstream OS advisory manually.

Tracker summary

CVE-2022-0530: 1 source package rows (unzip); 41 state rows across 9 repos (3.12-main, 3.17-main, 3.18-main, 3.19-main, 3.20-main, 3.21-main, 3.22-main, 3.23-main, edge-main); fixed 18, open 23.

Description:

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

cvelogic Threat Intelligence