suse · CVE-2018-18384

Quick triage

Priority: low Published: 2021-05-30 14:17:58 UTC Updated: 2026-03-05 06:38:37 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-18384 severity low: SUSE including 247 source package names (0.23.1-12.3:unzip-6.00-4.8.13, amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, …), 491 product×package rows across 254 product lines (Container bci/spack, Image SLES12-SP5-Azure-BYOS, … (254 product lines)): Fixed 260, Known Affected 231.

Description:

Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.

cvelogic Threat Intelligence