Nixpkgs security tracker

Permalink CVE-2014-8139

created 2 months ago Activity log

Created suggestion 2 months ago

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip …

Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

References

http://www.ocert.org/advisories/ocert-2014-011.html x_transferredx_refsource_MISC
https://access.redhat.com/errata/RHSA-2015:0700 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174844 x_transferredx_refsource_MISC
http://www.securitytracker.com/id/1031433 x_transferredx_refsource_MISC

Affected products

UnZip

==6.0 and earlier

Matching in nixpkgs

pkgs.unzip

Extraction utility for archives compressed in .zip format

nixos-unstable 6.0
- nixpkgs-unstable 6.0
- nixos-unstable-small 6.0
nixos-25.11 6.0
- nixos-25.11-small 6.0
- nixpkgs-25.11-darwin 6.0

pkgs.runzip

Tool to convert filename encoding inside a ZIP archive

nixos-unstable 1.4
- nixpkgs-unstable 1.4
- nixos-unstable-small 1.4
nixos-25.11 1.4
- nixos-25.11-small 1.4
- nixpkgs-25.11-darwin 1.4

pkgs.ripunzip

Tool to unzip files in parallel

nixos-unstable 2.0.4
- nixpkgs-unstable 2.0.4
- nixos-unstable-small 2.0.4
nixos-25.11 2.0.3
- nixos-25.11-small 2.0.3
- nixpkgs-25.11-darwin 2.0.3

pkgs.unzipNLS

Extraction utility for archives compressed in .zip format

nixos-unstable 6.0
- nixpkgs-unstable 6.0
- nixos-unstable-small 6.0
nixos-25.11 6.0
- nixos-25.11-small 6.0
- nixpkgs-25.11-darwin 6.0

pkgs.haskellPackages.unzip-traversable

Unzip functions for general Traversable containers

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.haskellPackages.wai-middleware-gunzip

WAI middleware to unzip request bodies

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2
nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

Package maintainers

@LeSuisse Thomas Gerbet <thomas@gerbet.me>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@RossComputerGuy Tristan Ross <tristan.ross@midstall.com>

Permalink CVE-2014-8141

created 2 months ago Activity log

Created suggestion 2 months ago

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip …

Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

References

http://www.ocert.org/advisories/ocert-2014-011.html x_transferredx_refsource_MISC
https://access.redhat.com/errata/RHSA-2015:0700 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174856 x_transferredx_refsource_MISC
http://www.securitytracker.com/id/1031433 x_transferredx_refsource_MISC

Affected products

UnZip

==6.0 and earlier

Matching in nixpkgs

pkgs.unzip

Extraction utility for archives compressed in .zip format

nixos-unstable 6.0
- nixpkgs-unstable 6.0
- nixos-unstable-small 6.0
nixos-25.11 6.0
- nixos-25.11-small 6.0
- nixpkgs-25.11-darwin 6.0

pkgs.runzip

Tool to convert filename encoding inside a ZIP archive

nixos-unstable 1.4
- nixpkgs-unstable 1.4
- nixos-unstable-small 1.4
nixos-25.11 1.4
- nixos-25.11-small 1.4
- nixpkgs-25.11-darwin 1.4

pkgs.ripunzip

Tool to unzip files in parallel

nixos-unstable 2.0.4
- nixpkgs-unstable 2.0.4
- nixos-unstable-small 2.0.4
nixos-25.11 2.0.3
- nixos-25.11-small 2.0.3
- nixpkgs-25.11-darwin 2.0.3

pkgs.unzipNLS

Extraction utility for archives compressed in .zip format

nixos-unstable 6.0
- nixpkgs-unstable 6.0
- nixos-unstable-small 6.0
nixos-25.11 6.0
- nixos-25.11-small 6.0
- nixpkgs-25.11-darwin 6.0

pkgs.haskellPackages.unzip-traversable

Unzip functions for general Traversable containers

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.haskellPackages.wai-middleware-gunzip

WAI middleware to unzip request bodies

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2
nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

Package maintainers

@LeSuisse Thomas Gerbet <thomas@gerbet.me>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@RossComputerGuy Tristan Ross <tristan.ross@midstall.com>

Permalink CVE-2014-8140

created 2 months ago Activity log

Created suggestion 2 months ago

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip …

Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

References

http://www.ocert.org/advisories/ocert-2014-011.html x_transferredx_refsource_MISC
https://access.redhat.com/errata/RHSA-2015:0700 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1174851 x_transferredx_refsource_MISC
http://www.securitytracker.com/id/1031433 x_transferredx_refsource_MISC

Affected products

UnZip

==6.0 and earlier

Matching in nixpkgs

pkgs.unzip

Extraction utility for archives compressed in .zip format

nixos-unstable 6.0
- nixpkgs-unstable 6.0
- nixos-unstable-small 6.0
nixos-25.11 6.0
- nixos-25.11-small 6.0
- nixpkgs-25.11-darwin 6.0

pkgs.runzip

Tool to convert filename encoding inside a ZIP archive

nixos-unstable 1.4
- nixpkgs-unstable 1.4
- nixos-unstable-small 1.4
nixos-25.11 1.4
- nixos-25.11-small 1.4
- nixpkgs-25.11-darwin 1.4

pkgs.ripunzip

Tool to unzip files in parallel

nixos-unstable 2.0.4
- nixpkgs-unstable 2.0.4
- nixos-unstable-small 2.0.4
nixos-25.11 2.0.3
- nixos-25.11-small 2.0.3
- nixpkgs-25.11-darwin 2.0.3

pkgs.unzipNLS

Extraction utility for archives compressed in .zip format

nixos-unstable 6.0
- nixpkgs-unstable 6.0
- nixos-unstable-small 6.0
nixos-25.11 6.0
- nixos-25.11-small 6.0
- nixpkgs-25.11-darwin 6.0

pkgs.haskellPackages.unzip-traversable

Unzip functions for general Traversable containers

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.haskellPackages.wai-middleware-gunzip

WAI middleware to unzip request bodies

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2
nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

Package maintainers

@LeSuisse Thomas Gerbet <thomas@gerbet.me>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@RossComputerGuy Tristan Ross <tristan.ross@midstall.com>

Permalink CVE-2008-0888

created 2 months ago Activity log

Created suggestion 2 months ago

The NEEDBITS macro in the inflate_dynamic function in inflate.c for …

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

References

29415 x_transferredx_refsource_SECUNIAthird-party-advisory
20080321 rPSA-2008-0116-1 unzip mailing-listx_transferredx_refsource_BUGTRAQ
29427 x_transferredx_refsource_SECUNIAthird-party-advisory
ADV-2008-1744 x_refsource_VUPENx_transferredvdb-entry
29440 x_transferredx_refsource_SECUNIAthird-party-advisory
DSA-1522 x_refsource_DEBIANvendor-advisoryx_transferred
29432 x_transferredx_refsource_SECUNIAthird-party-advisory
https://issues.rpath.com/browse/RPL-2317 x_transferredx_refsource_CONFIRM
http://wiki.rpath.com/Advisories:rPSA-2008-0116 x_transferredx_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2008-0009.html x_transferredx_refsource_CONFIRM
APPLE-SA-2010-03-29-1 x_refsource_APPLEvendor-advisoryx_transferred
29392 x_transferredx_refsource_SECUNIAthird-party-advisory
29681 x_transferredx_refsource_SECUNIAthird-party-advisory
MDVSA-2008:068 vendor-advisoryx_refsource_MANDRIVAx_transferred
SUSE-SR:2008:007 vendor-advisoryx_transferredx_refsource_SUSE
ADV-2008-0913 x_refsource_VUPENx_transferredvdb-entry
30535 x_transferredx_refsource_SECUNIAthird-party-advisory
http://www.ipcop.org/index.php?name=News&file=article&sid=40 x_transferredx_refsource_CONFIRM
http://support.apple.com/kb/HT4077 x_transferredx_refsource_CONFIRM
20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues mailing-listx_transferredx_refsource_BUGTRAQ
GLSA-200804-06 x_refsource_GENTOOvendor-advisoryx_transferred
oval:org.mitre.oval:def:9733 signaturex_transferredvdb-entryx_refsource_OVAL
29406 x_transferredx_refsource_SECUNIAthird-party-advisory
29495 x_transferredx_refsource_SECUNIAthird-party-advisory
31204 x_transferredx_refsource_SECUNIAthird-party-advisory
1019634 x_refsource_SECTRACKx_transferredvdb-entry
RHSA-2008:0196 vendor-advisoryx_transferredx_refsource_REDHAT
unzip-inflatedynamic-code-execution(41246) x_transferredvdb-entryx_refsource_XF
USN-589-1 x_refsource_UBUNTUvendor-advisoryx_transferred
28288 x_refsource_BIDx_transferredvdb-entry
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116 x_transferredx_refsource_CONFIRM

Affected products

n/a

==n/a

unzip

<6.0

Matching in nixpkgs

pkgs.unzip

Extraction utility for archives compressed in .zip format

nixos-unstable 6.0
- nixpkgs-unstable 6.0
- nixos-unstable-small 6.0
nixos-25.11 6.0
- nixos-25.11-small 6.0
- nixpkgs-25.11-darwin 6.0

pkgs.runzip

Tool to convert filename encoding inside a ZIP archive

nixos-unstable 1.4
- nixpkgs-unstable 1.4
- nixos-unstable-small 1.4
nixos-25.11 1.4
- nixos-25.11-small 1.4
- nixpkgs-25.11-darwin 1.4

pkgs.ripunzip

Tool to unzip files in parallel

nixos-unstable 2.0.4
- nixpkgs-unstable 2.0.4
- nixos-unstable-small 2.0.4
nixos-25.11 2.0.3
- nixos-25.11-small 2.0.3
- nixpkgs-25.11-darwin 2.0.3

pkgs.unzipNLS

Extraction utility for archives compressed in .zip format

nixos-unstable 6.0
- nixpkgs-unstable 6.0
- nixos-unstable-small 6.0
nixos-25.11 6.0
- nixos-25.11-small 6.0
- nixpkgs-25.11-darwin 6.0

pkgs.haskellPackages.unzip-traversable

Unzip functions for general Traversable containers

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.haskellPackages.wai-middleware-gunzip

WAI middleware to unzip request bodies

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2
nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

Package maintainers

@LeSuisse Thomas Gerbet <thomas@gerbet.me>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@RossComputerGuy Tristan Ross <tristan.ross@midstall.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.unzip

pkgs.runzip

pkgs.ripunzip

pkgs.unzipNLS

pkgs.haskellPackages.unzip-traversable

pkgs.haskellPackages.wai-middleware-gunzip

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.unzip

pkgs.runzip

pkgs.ripunzip

pkgs.unzipNLS

pkgs.haskellPackages.unzip-traversable

pkgs.haskellPackages.wai-middleware-gunzip

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.unzip

pkgs.runzip

pkgs.ripunzip

pkgs.unzipNLS

pkgs.haskellPackages.unzip-traversable

pkgs.haskellPackages.wai-middleware-gunzip

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.unzip

pkgs.runzip

pkgs.ripunzip

pkgs.unzipNLS

pkgs.haskellPackages.unzip-traversable

pkgs.haskellPackages.wai-middleware-gunzip

Package maintainers