CVE-2022-0529 PoC — Info-ZIP UnZip 缓冲区错误漏洞

Source

Associated Vulnerability

Title:Info-ZIP UnZip 缓冲区错误漏洞 (CVE-2022-0529)
Description:Info-ZIP UnZip是美国Greg Roelofs个人开发者的一套基于Unix平台的用于对“.zip”文件格式进行解压的工具。 Info-ZIP unzip存在缓冲区错误漏洞，该漏洞源于宽字符串到本地字符串的转换过程中存在安全问题导致越界写，攻击者利用该漏洞致崩溃或代码执行。

Description

CVE-2022-0529 & CVE-2022-0530

Readme

# POC for unzip 6.0

# CVE-2022-0529 & CVE-2022-0530

https://bugzilla.redhat.com/show_bug.cgi?id=2051402


https://bugzilla.redhat.com/show_bug.cgi?id=2051395

File Snapshot


 [4.0K]  /data/pocs/6fda649294ebfb69fd3e99495e3c69dd7de310d9
├── [4.0K]  CVE-2022-0529
│   ├── [  91]  Dockerfile-fedora
│   ├── [ 662]  Dockerfile-ubuntu
│   ├── [ 26K]  README.txt
│   ├── [ 366]  reproduce-fedora.sh
│   ├── [ 366]  reproduce-ubuntu.sh
│   └── [248K]  testcase
├── [4.0K]  CVE-2022-0530
│   ├── [  91]  Dockerfile-fedora
│   ├── [ 662]  Dockerfile-ubuntu
│   ├── [6.4K]  README.txt
│   ├── [ 366]  reproduce-fedora.sh
│   ├── [ 366]  reproduce-ubuntu.sh
│   └── [ 288]  testcase
├── [ 34K]  LICENSE
└── [ 160]  README.md

2 directories, 14 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!