CVE-2008-0888
Publication date 17 March 2008
Last updated 24 July 2024
Ubuntu priority
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
Status
Package | Ubuntu Release | Status |
---|---|---|
unzip | 7.10 gutsy |
Fixed 5.52-10ubuntu1.1
|
7.04 feisty |
Fixed 5.52-9ubuntu3.1
|
|
6.10 edgy |
Fixed 5.52-8ubuntu1.1
|
|
6.06 LTS dapper |
Fixed 5.52-6ubuntu4.1
|