suse · CVE-2014-9636

Quick triage

Priority: high Published: 2021-05-30 13:24:54 UTC Updated: 2026-04-18 18:31:07 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2014-9636 severity important: SUSE including 251 source package names (0.23.1-12.3:unzip-6.00-4.3.1, amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, …), 506 product×package rows across 269 product lines (Container bci/spack, Image SLES12-SP5-Azure-BYOS, … (269 product lines)): Fixed 274, Known Affected 231, Known Not Affected 1.

Description:

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

cvelogic Threat Intelligence