cvelistv5 - cve-2005-4667

CVE-2005-4667 (GCVE-0-2005-4667)

Vulnerability from cvelistv5

Published

2006-01-25 21:00

Modified

2024-08-07 23:53

Severity ?

CWE

Summary

Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.

References

►

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

fkie_cve-2005-4667

Vulnerability from fkie_nvd

Published

2005-12-31 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html	Exploit
cve@mitre.org	http://secunia.com/advisories/25098
cve@mitre.org	http://www.debian.org/security/2006/dsa-1012	Patch, Vendor Advisory
cve@mitre.org	http://www.info-zip.org/FAQ.html
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2006:050
cve@mitre.org	http://www.osvdb.org/22400
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2007-0203.html
cve@mitre.org	http://www.securityfocus.com/archive/1/430300/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/15968	Exploit
cve@mitre.org	http://www.trustix.org/errata/2006/0006	Patch, Vendor Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252
cve@mitre.org	https://usn.ubuntu.com/248-1/
cve@mitre.org	https://usn.ubuntu.com/248-2/
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25098
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1012	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.info-zip.org/FAQ.html
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2006:050
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/22400
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2007-0203.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/430300/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15968	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.trustix.org/errata/2006/0006	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/248-1/
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/248-2/

Impacted products

Vendor	Product	Version
info-zip	unzip	5.2
info-zip	unzip	5.3
info-zip	unzip	5.31
info-zip	unzip	5.32
info-zip	unzip	5.40
info-zip	unzip	5.41
info-zip	unzip	5.42
info-zip	unzip	5.50

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:info-zip:unzip:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "390337E4-2A52-4CB4-9730-BC5FEB7691E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:info-zip:unzip:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39AAC8DA-C1CB-4D05-9CE4-37EE0452F1B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:info-zip:unzip:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B550991-5E21-4537-B43B-9507B7B4BA7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:info-zip:unzip:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "83CED6B5-1B14-4076-BA6E-3779D2D143B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:info-zip:unzip:5.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFCCB6FA-6723-4096-A426-0C6975F258C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:info-zip:unzip:5.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D30AB65-C5A7-4F2E-AD6E-B9C7CE21D13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:info-zip:unzip:5.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83C2C1C-F1DD-4DB7-BCF7-4DE7D35CF4C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:info-zip:unzip:5.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E623D2F-C9DA-4937-BE64-236323A7C99E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument.  NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs."
    }
  ],
  "id": "CVE-2005-4667",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2005-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25098"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1012"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.info-zip.org/FAQ.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:050"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/22400"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0203.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/430300/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/15968"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.trustix.org/errata/2006/0006"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/248-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/248-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.info-zip.org/FAQ.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/22400"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0203.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/430300/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/15968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.trustix.org/errata/2006/0006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/248-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/248-2/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178960\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.  More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\n\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.",
      "lastModified": "2007-09-05T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

rhba-2007:0418

Vulnerability from csaf_redhat

Published

2007-07-11 00:00

Modified

2024-11-22 00:33

Summary

Red Hat Bug Fix Advisory: unzip bug fix update

Notes

Topic

Updated unzip packages that address various bugs are now available.

Details

The unzip utility is used to list, test, or extract files from a zip archive. This update addresses the following issues: * a TOCTOU bug that could be exploited to change file permissions (CVE-2005-2475) * a long filename buffer overflow vulnerability (CVE-2005-4667) All users of unzip should upgrade to these updated packages, which resolve these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated unzip packages that address various bugs are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The unzip utility is used to list, test, or extract files from a zip\narchive. \n\nThis update addresses the following issues:\n\n* a TOCTOU bug that could be exploited to change file permissions (CVE-2005-2475)\n\n* a long filename buffer overflow vulnerability (CVE-2005-4667)\n\nAll users of unzip should upgrade to these updated packages, which\nresolve these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHBA-2007:0418",
        "url": "https://access.redhat.com/errata/RHBA-2007:0418"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#low",
        "url": "http://www.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "186570",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=186570"
      },
      {
        "category": "external",
        "summary": "226749",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=226749"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhba-2007_0418.json"
      }
    ],
    "title": "Red Hat Bug Fix Advisory: unzip bug fix update",
    "tracking": {
      "current_release_date": "2024-11-22T00:33:02+00:00",
      "generator": {
        "date": "2024-11-22T00:33:02+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHBA-2007:0418",
      "initial_release_date": "2007-07-11T00:00:00+00:00",
      "revision_history": [
        {
          "date": "2007-07-11T00:00:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2007-06-07T15:24:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T00:33:02+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3",
                  "product_id": "3AS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3",
                "product": {
                  "name": "Red Hat Desktop version 3",
                  "product_id": "3Desktop",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3",
                  "product_id": "3ES",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3",
                  "product_id": "3WS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unzip-debuginfo-0:5.50-35.EL3.ia64",
                "product": {
                  "name": "unzip-debuginfo-0:5.50-35.EL3.ia64",
                  "product_id": "unzip-debuginfo-0:5.50-35.EL3.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "unzip-0:5.50-35.EL3.ia64",
                "product": {
                  "name": "unzip-0:5.50-35.EL3.ia64",
                  "product_id": "unzip-0:5.50-35.EL3.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
                "product": {
                  "name": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
                  "product_id": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "unzip-0:5.50-35.EL3.x86_64",
                "product": {
                  "name": "unzip-0:5.50-35.EL3.x86_64",
                  "product_id": "unzip-0:5.50-35.EL3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unzip-debuginfo-0:5.50-35.EL3.i386",
                "product": {
                  "name": "unzip-debuginfo-0:5.50-35.EL3.i386",
                  "product_id": "unzip-debuginfo-0:5.50-35.EL3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "unzip-0:5.50-35.EL3.i386",
                "product": {
                  "name": "unzip-0:5.50-35.EL3.i386",
                  "product_id": "unzip-0:5.50-35.EL3.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unzip-0:5.50-35.EL3.src",
                "product": {
                  "name": "unzip-0:5.50-35.EL3.src",
                  "product_id": "unzip-0:5.50-35.EL3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unzip-debuginfo-0:5.50-35.EL3.ppc",
                "product": {
                  "name": "unzip-debuginfo-0:5.50-35.EL3.ppc",
                  "product_id": "unzip-debuginfo-0:5.50-35.EL3.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "unzip-0:5.50-35.EL3.ppc",
                "product": {
                  "name": "unzip-0:5.50-35.EL3.ppc",
                  "product_id": "unzip-0:5.50-35.EL3.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unzip-debuginfo-0:5.50-35.EL3.s390x",
                "product": {
                  "name": "unzip-debuginfo-0:5.50-35.EL3.s390x",
                  "product_id": "unzip-debuginfo-0:5.50-35.EL3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "unzip-0:5.50-35.EL3.s390x",
                "product": {
                  "name": "unzip-0:5.50-35.EL3.s390x",
                  "product_id": "unzip-0:5.50-35.EL3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unzip-debuginfo-0:5.50-35.EL3.s390",
                "product": {
                  "name": "unzip-debuginfo-0:5.50-35.EL3.s390",
                  "product_id": "unzip-debuginfo-0:5.50-35.EL3.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "unzip-0:5.50-35.EL3.s390",
                "product": {
                  "name": "unzip-0:5.50-35.EL3.s390",
                  "product_id": "unzip-0:5.50-35.EL3.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=s390"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:unzip-0:5.50-35.EL3.i386"
        },
        "product_reference": "unzip-0:5.50-35.EL3.i386",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:unzip-0:5.50-35.EL3.ia64"
        },
        "product_reference": "unzip-0:5.50-35.EL3.ia64",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:unzip-0:5.50-35.EL3.ppc"
        },
        "product_reference": "unzip-0:5.50-35.EL3.ppc",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:unzip-0:5.50-35.EL3.s390"
        },
        "product_reference": "unzip-0:5.50-35.EL3.s390",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:unzip-0:5.50-35.EL3.s390x"
        },
        "product_reference": "unzip-0:5.50-35.EL3.s390x",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.src as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:unzip-0:5.50-35.EL3.src"
        },
        "product_reference": "unzip-0:5.50-35.EL3.src",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:unzip-0:5.50-35.EL3.x86_64"
        },
        "product_reference": "unzip-0:5.50-35.EL3.x86_64",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.i386"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.i386",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.ia64"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.ia64",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.ppc"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.ppc",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.s390"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.s390x"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390x",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
          "product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
        "relates_to_product_reference": "3AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.i386 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:unzip-0:5.50-35.EL3.i386"
        },
        "product_reference": "unzip-0:5.50-35.EL3.i386",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.ia64 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:unzip-0:5.50-35.EL3.ia64"
        },
        "product_reference": "unzip-0:5.50-35.EL3.ia64",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.ppc as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:unzip-0:5.50-35.EL3.ppc"
        },
        "product_reference": "unzip-0:5.50-35.EL3.ppc",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.s390 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:unzip-0:5.50-35.EL3.s390"
        },
        "product_reference": "unzip-0:5.50-35.EL3.s390",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.s390x as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:unzip-0:5.50-35.EL3.s390x"
        },
        "product_reference": "unzip-0:5.50-35.EL3.s390x",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.src as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:unzip-0:5.50-35.EL3.src"
        },
        "product_reference": "unzip-0:5.50-35.EL3.src",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.x86_64 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:unzip-0:5.50-35.EL3.x86_64"
        },
        "product_reference": "unzip-0:5.50-35.EL3.x86_64",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.i386 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.i386"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.i386",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.ia64 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.ia64"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.ia64",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.ppc as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.ppc"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.ppc",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.s390 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.s390x as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390x"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390x",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.x86_64 as a component of Red Hat Desktop version 3",
          "product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.x86_64"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
        "relates_to_product_reference": "3Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:unzip-0:5.50-35.EL3.i386"
        },
        "product_reference": "unzip-0:5.50-35.EL3.i386",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:unzip-0:5.50-35.EL3.ia64"
        },
        "product_reference": "unzip-0:5.50-35.EL3.ia64",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:unzip-0:5.50-35.EL3.ppc"
        },
        "product_reference": "unzip-0:5.50-35.EL3.ppc",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:unzip-0:5.50-35.EL3.s390"
        },
        "product_reference": "unzip-0:5.50-35.EL3.s390",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:unzip-0:5.50-35.EL3.s390x"
        },
        "product_reference": "unzip-0:5.50-35.EL3.s390x",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.src as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:unzip-0:5.50-35.EL3.src"
        },
        "product_reference": "unzip-0:5.50-35.EL3.src",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:unzip-0:5.50-35.EL3.x86_64"
        },
        "product_reference": "unzip-0:5.50-35.EL3.x86_64",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.i386"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.i386",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.ia64"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.ia64",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.ppc"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.ppc",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.s390"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.s390x"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390x",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
          "product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.x86_64"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
        "relates_to_product_reference": "3ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:unzip-0:5.50-35.EL3.i386"
        },
        "product_reference": "unzip-0:5.50-35.EL3.i386",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:unzip-0:5.50-35.EL3.ia64"
        },
        "product_reference": "unzip-0:5.50-35.EL3.ia64",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:unzip-0:5.50-35.EL3.ppc"
        },
        "product_reference": "unzip-0:5.50-35.EL3.ppc",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:unzip-0:5.50-35.EL3.s390"
        },
        "product_reference": "unzip-0:5.50-35.EL3.s390",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:unzip-0:5.50-35.EL3.s390x"
        },
        "product_reference": "unzip-0:5.50-35.EL3.s390x",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.src as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:unzip-0:5.50-35.EL3.src"
        },
        "product_reference": "unzip-0:5.50-35.EL3.src",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:unzip-0:5.50-35.EL3.x86_64"
        },
        "product_reference": "unzip-0:5.50-35.EL3.x86_64",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.i386"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.i386",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.ia64"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.ia64",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.ppc"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.ppc",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.s390"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.s390x"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390x",
        "relates_to_product_reference": "3WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
          "product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
        },
        "product_reference": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
        "relates_to_product_reference": "3WS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2005-2475",
      "discovery_date": "2005-08-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617723"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue was addressed in unzip packages as shipped with Red Hat Enterprise Linux 3 and 4 via RHBA-2007:0418 and RHSA-2007:0203 respectively.\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS:unzip-0:5.50-35.EL3.i386",
          "3AS:unzip-0:5.50-35.EL3.ia64",
          "3AS:unzip-0:5.50-35.EL3.ppc",
          "3AS:unzip-0:5.50-35.EL3.s390",
          "3AS:unzip-0:5.50-35.EL3.s390x",
          "3AS:unzip-0:5.50-35.EL3.src",
          "3AS:unzip-0:5.50-35.EL3.x86_64",
          "3AS:unzip-debuginfo-0:5.50-35.EL3.i386",
          "3AS:unzip-debuginfo-0:5.50-35.EL3.ia64",
          "3AS:unzip-debuginfo-0:5.50-35.EL3.ppc",
          "3AS:unzip-debuginfo-0:5.50-35.EL3.s390",
          "3AS:unzip-debuginfo-0:5.50-35.EL3.s390x",
          "3AS:unzip-debuginfo-0:5.50-35.EL3.x86_64",
          "3Desktop:unzip-0:5.50-35.EL3.i386",
          "3Desktop:unzip-0:5.50-35.EL3.ia64",
          "3Desktop:unzip-0:5.50-35.EL3.ppc",
          "3Desktop:unzip-0:5.50-35.EL3.s390",
          "3Desktop:unzip-0:5.50-35.EL3.s390x",
          "3Desktop:unzip-0:5.50-35.EL3.src",
          "3Desktop:unzip-0:5.50-35.EL3.x86_64",
          "3Desktop:unzip-debuginfo-0:5.50-35.EL3.i386",
          "3Desktop:unzip-debuginfo-0:5.50-35.EL3.ia64",
          "3Desktop:unzip-debuginfo-0:5.50-35.EL3.ppc",
          "3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390",
          "3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390x",
          "3Desktop:unzip-debuginfo-0:5.50-35.EL3.x86_64",
          "3ES:unzip-0:5.50-35.EL3.i386",
          "3ES:unzip-0:5.50-35.EL3.ia64",
          "3ES:unzip-0:5.50-35.EL3.ppc",
          "3ES:unzip-0:5.50-35.EL3.s390",
          "3ES:unzip-0:5.50-35.EL3.s390x",
          "3ES:unzip-0:5.50-35.EL3.src",
          "3ES:unzip-0:5.50-35.EL3.x86_64",
          "3ES:unzip-debuginfo-0:5.50-35.EL3.i386",
          "3ES:unzip-debuginfo-0:5.50-35.EL3.ia64",
          "3ES:unzip-debuginfo-0:5.50-35.EL3.ppc",
          "3ES:unzip-debuginfo-0:5.50-35.EL3.s390",
          "3ES:unzip-debuginfo-0:5.50-35.EL3.s390x",
          "3ES:unzip-debuginfo-0:5.50-35.EL3.x86_64",
          "3WS:unzip-0:5.50-35.EL3.i386",
          "3WS:unzip-0:5.50-35.EL3.ia64",
          "3WS:unzip-0:5.50-35.EL3.ppc",
          "3WS:unzip-0:5.50-35.EL3.s390",
          "3WS:unzip-0:5.50-35.EL3.s390x",
          "3WS:unzip-0:5.50-35.EL3.src",
          "3WS:unzip-0:5.50-35.EL3.x86_64",
          "3WS:unzip-debuginfo-0:5.50-35.EL3.i386",
          "3WS:unzip-debuginfo-0:5.50-35.EL3.ia64",
          "3WS:unzip-debuginfo-0:5.50-35.EL3.ppc",
          "3WS:unzip-debuginfo-0:5.50-35.EL3.s390",
          "3WS:unzip-debuginfo-0:5.50-35.EL3.s390x",
          "3WS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-2475"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617723",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617723"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-2475",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-2475"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2475",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2475"
        }
      ],
      "release_date": "2005-08-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-07-11T00:00:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "3AS:unzip-0:5.50-35.EL3.i386",
            "3AS:unzip-0:5.50-35.EL3.ia64",
            "3AS:unzip-0:5.50-35.EL3.ppc",
            "3AS:unzip-0:5.50-35.EL3.s390",
            "3AS:unzip-0:5.50-35.EL3.s390x",
            "3AS:unzip-0:5.50-35.EL3.src",
            "3AS:unzip-0:5.50-35.EL3.x86_64",
            "3AS:unzip-debuginfo-0:5.50-35.EL3.i386",
            "3AS:unzip-debuginfo-0:5.50-35.EL3.ia64",
            "3AS:unzip-debuginfo-0:5.50-35.EL3.ppc",
            "3AS:unzip-debuginfo-0:5.50-35.EL3.s390",
            "3AS:unzip-debuginfo-0:5.50-35.EL3.s390x",
            "3AS:unzip-debuginfo-0:5.50-35.EL3.x86_64",
            "3Desktop:unzip-0:5.50-35.EL3.i386",
            "3Desktop:unzip-0:5.50-35.EL3.ia64",
            "3Desktop:unzip-0:5.50-35.EL3.ppc",
            "3Desktop:unzip-0:5.50-35.EL3.s390",
            "3Desktop:unzip-0:5.50-35.EL3.s390x",
            "3Desktop:unzip-0:5.50-35.EL3.src",
            "3Desktop:unzip-0:5.50-35.EL3.x86_64",
            "3Desktop:unzip-debuginfo-0:5.50-35.EL3.i386",
            "3Desktop:unzip-debuginfo-0:5.50-35.EL3.ia64",
            "3Desktop:unzip-debuginfo-0:5.50-35.EL3.ppc",
            "3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390",
            "3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390x",
            "3Desktop:unzip-debuginfo-0:5.50-35.EL3.x86_64",
            "3ES:unzip-0:5.50-35.EL3.i386",
            "3ES:unzip-0:5.50-35.EL3.ia64",
            "3ES:unzip-0:5.50-35.EL3.ppc",
            "3ES:unzip-0:5.50-35.EL3.s390",
            "3ES:unzip-0:5.50-35.EL3.s390x",
            "3ES:unzip-0:5.50-35.EL3.src",
            "3ES:unzip-0:5.50-35.EL3.x86_64",
            "3ES:unzip-debuginfo-0:5.50-35.EL3.i386",
            "3ES:unzip-debuginfo-0:5.50-35.EL3.ia64",
            "3ES:unzip-debuginfo-0:5.50-35.EL3.ppc",
            "3ES:unzip-debuginfo-0:5.50-35.EL3.s390",
            "3ES:unzip-debuginfo-0:5.50-35.EL3.s390x",
            "3ES:unzip-debuginfo-0:5.50-35.EL3.x86_64",
            "3WS:unzip-0:5.50-35.EL3.i386",
            "3WS:unzip-0:5.50-35.EL3.ia64",
            "3WS:unzip-0:5.50-35.EL3.ppc",
            "3WS:unzip-0:5.50-35.EL3.s390",
            "3WS:unzip-0:5.50-35.EL3.s390x",
            "3WS:unzip-0:5.50-35.EL3.src",
            "3WS:unzip-0:5.50-35.EL3.x86_64",
            "3WS:unzip-debuginfo-0:5.50-35.EL3.i386",
            "3WS:unzip-debuginfo-0:5.50-35.EL3.ia64",
            "3WS:unzip-debuginfo-0:5.50-35.EL3.ppc",
            "3WS:unzip-debuginfo-0:5.50-35.EL3.s390",
            "3WS:unzip-debuginfo-0:5.50-35.EL3.s390x",
            "3WS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2007:0418"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2005-4667",
      "discovery_date": "2006-01-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617861"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument.  NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178960\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.  More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\n\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS:unzip-0:5.50-35.EL3.i386",
          "3AS:unzip-0:5.50-35.EL3.ia64",
          "3AS:unzip-0:5.50-35.EL3.ppc",
          "3AS:unzip-0:5.50-35.EL3.s390",
          "3AS:unzip-0:5.50-35.EL3.s390x",
          "3AS:unzip-0:5.50-35.EL3.src",
          "3AS:unzip-0:5.50-35.EL3.x86_64",
          "3AS:unzip-debuginfo-0:5.50-35.EL3.i386",
          "3AS:unzip-debuginfo-0:5.50-35.EL3.ia64",
          "3AS:unzip-debuginfo-0:5.50-35.EL3.ppc",
          "3AS:unzip-debuginfo-0:5.50-35.EL3.s390",
          "3AS:unzip-debuginfo-0:5.50-35.EL3.s390x",
          "3AS:unzip-debuginfo-0:5.50-35.EL3.x86_64",
          "3Desktop:unzip-0:5.50-35.EL3.i386",
          "3Desktop:unzip-0:5.50-35.EL3.ia64",
          "3Desktop:unzip-0:5.50-35.EL3.ppc",
          "3Desktop:unzip-0:5.50-35.EL3.s390",
          "3Desktop:unzip-0:5.50-35.EL3.s390x",
          "3Desktop:unzip-0:5.50-35.EL3.src",
          "3Desktop:unzip-0:5.50-35.EL3.x86_64",
          "3Desktop:unzip-debuginfo-0:5.50-35.EL3.i386",
          "3Desktop:unzip-debuginfo-0:5.50-35.EL3.ia64",
          "3Desktop:unzip-debuginfo-0:5.50-35.EL3.ppc",
          "3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390",
          "3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390x",
          "3Desktop:unzip-debuginfo-0:5.50-35.EL3.x86_64",
          "3ES:unzip-0:5.50-35.EL3.i386",
          "3ES:unzip-0:5.50-35.EL3.ia64",
          "3ES:unzip-0:5.50-35.EL3.ppc",
          "3ES:unzip-0:5.50-35.EL3.s390",
          "3ES:unzip-0:5.50-35.EL3.s390x",
          "3ES:unzip-0:5.50-35.EL3.src",
          "3ES:unzip-0:5.50-35.EL3.x86_64",
          "3ES:unzip-debuginfo-0:5.50-35.EL3.i386",
          "3ES:unzip-debuginfo-0:5.50-35.EL3.ia64",
          "3ES:unzip-debuginfo-0:5.50-35.EL3.ppc",
          "3ES:unzip-debuginfo-0:5.50-35.EL3.s390",
          "3ES:unzip-debuginfo-0:5.50-35.EL3.s390x",
          "3ES:unzip-debuginfo-0:5.50-35.EL3.x86_64",
          "3WS:unzip-0:5.50-35.EL3.i386",
          "3WS:unzip-0:5.50-35.EL3.ia64",
          "3WS:unzip-0:5.50-35.EL3.ppc",
          "3WS:unzip-0:5.50-35.EL3.s390",
          "3WS:unzip-0:5.50-35.EL3.s390x",
          "3WS:unzip-0:5.50-35.EL3.src",
          "3WS:unzip-0:5.50-35.EL3.x86_64",
          "3WS:unzip-debuginfo-0:5.50-35.EL3.i386",
          "3WS:unzip-debuginfo-0:5.50-35.EL3.ia64",
          "3WS:unzip-debuginfo-0:5.50-35.EL3.ppc",
          "3WS:unzip-debuginfo-0:5.50-35.EL3.s390",
          "3WS:unzip-debuginfo-0:5.50-35.EL3.s390x",
          "3WS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-4667"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617861",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617861"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-4667",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-4667"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-4667",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4667"
        }
      ],
      "release_date": "2005-12-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-07-11T00:00:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "3AS:unzip-0:5.50-35.EL3.i386",
            "3AS:unzip-0:5.50-35.EL3.ia64",
            "3AS:unzip-0:5.50-35.EL3.ppc",
            "3AS:unzip-0:5.50-35.EL3.s390",
            "3AS:unzip-0:5.50-35.EL3.s390x",
            "3AS:unzip-0:5.50-35.EL3.src",
            "3AS:unzip-0:5.50-35.EL3.x86_64",
            "3AS:unzip-debuginfo-0:5.50-35.EL3.i386",
            "3AS:unzip-debuginfo-0:5.50-35.EL3.ia64",
            "3AS:unzip-debuginfo-0:5.50-35.EL3.ppc",
            "3AS:unzip-debuginfo-0:5.50-35.EL3.s390",
            "3AS:unzip-debuginfo-0:5.50-35.EL3.s390x",
            "3AS:unzip-debuginfo-0:5.50-35.EL3.x86_64",
            "3Desktop:unzip-0:5.50-35.EL3.i386",
            "3Desktop:unzip-0:5.50-35.EL3.ia64",
            "3Desktop:unzip-0:5.50-35.EL3.ppc",
            "3Desktop:unzip-0:5.50-35.EL3.s390",
            "3Desktop:unzip-0:5.50-35.EL3.s390x",
            "3Desktop:unzip-0:5.50-35.EL3.src",
            "3Desktop:unzip-0:5.50-35.EL3.x86_64",
            "3Desktop:unzip-debuginfo-0:5.50-35.EL3.i386",
            "3Desktop:unzip-debuginfo-0:5.50-35.EL3.ia64",
            "3Desktop:unzip-debuginfo-0:5.50-35.EL3.ppc",
            "3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390",
            "3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390x",
            "3Desktop:unzip-debuginfo-0:5.50-35.EL3.x86_64",
            "3ES:unzip-0:5.50-35.EL3.i386",
            "3ES:unzip-0:5.50-35.EL3.ia64",
            "3ES:unzip-0:5.50-35.EL3.ppc",
            "3ES:unzip-0:5.50-35.EL3.s390",
            "3ES:unzip-0:5.50-35.EL3.s390x",
            "3ES:unzip-0:5.50-35.EL3.src",
            "3ES:unzip-0:5.50-35.EL3.x86_64",
            "3ES:unzip-debuginfo-0:5.50-35.EL3.i386",
            "3ES:unzip-debuginfo-0:5.50-35.EL3.ia64",
            "3ES:unzip-debuginfo-0:5.50-35.EL3.ppc",
            "3ES:unzip-debuginfo-0:5.50-35.EL3.s390",
            "3ES:unzip-debuginfo-0:5.50-35.EL3.s390x",
            "3ES:unzip-debuginfo-0:5.50-35.EL3.x86_64",
            "3WS:unzip-0:5.50-35.EL3.i386",
            "3WS:unzip-0:5.50-35.EL3.ia64",
            "3WS:unzip-0:5.50-35.EL3.ppc",
            "3WS:unzip-0:5.50-35.EL3.s390",
            "3WS:unzip-0:5.50-35.EL3.s390x",
            "3WS:unzip-0:5.50-35.EL3.src",
            "3WS:unzip-0:5.50-35.EL3.x86_64",
            "3WS:unzip-debuginfo-0:5.50-35.EL3.i386",
            "3WS:unzip-debuginfo-0:5.50-35.EL3.ia64",
            "3WS:unzip-debuginfo-0:5.50-35.EL3.ppc",
            "3WS:unzip-debuginfo-0:5.50-35.EL3.s390",
            "3WS:unzip-debuginfo-0:5.50-35.EL3.s390x",
            "3WS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2007:0418"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2007:0203

Vulnerability from csaf_redhat

Published

2007-05-01 13:37

Modified

2024-11-22 00:32

Summary

Red Hat Security Advisory: unzip security and bug fix update

Notes

Topic

Updated unzip packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

Details

The unzip utility is used to list, test, or extract files from a zip archive. A race condition was found in Unzip. Local users could use this flaw to modify permissions of arbitrary files via a hard link attack on a file while it was being decompressed (CVE-2005-2475) A buffer overflow was found in Unzip command line argument handling. If a user could be tricked into running Unzip with a specially crafted long file name, an attacker could execute arbitrary code with that user's privileges. (CVE-2005-4667) As well, this update adds support for files larger than 2GB. All users of unzip should upgrade to these updated packages, which contain backported patches that resolve these issues.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated unzip packages that fix two security issues and various bugs are\nnow available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The unzip utility is used to list, test, or extract files from a zip archive.\n\nA race condition was found in Unzip. Local users could use this flaw to\nmodify permissions of arbitrary files via a hard link attack on a file\nwhile it was being decompressed (CVE-2005-2475)\n\nA buffer overflow was found in Unzip command line argument handling.\nIf a user could be tricked into running Unzip with a specially crafted long\nfile name, an attacker could execute arbitrary code with that user\u0027s\nprivileges. (CVE-2005-4667)\n\nAs well, this update adds support for files larger than 2GB.\n\nAll users of unzip should upgrade to these updated packages, which\ncontain backported patches that resolve these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2007:0203",
        "url": "https://access.redhat.com/errata/RHSA-2007:0203"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#low",
        "url": "http://www.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "164927",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=164927"
      },
      {
        "category": "external",
        "summary": "178960",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=178960"
      },
      {
        "category": "external",
        "summary": "199104",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=199104"
      },
      {
        "category": "external",
        "summary": "230558",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=230558"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0203.json"
      }
    ],
    "title": "Red Hat Security Advisory: unzip security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-22T00:32:55+00:00",
      "generator": {
        "date": "2024-11-22T00:32:55+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2007:0203",
      "initial_release_date": "2007-05-01T13:37:00+00:00",
      "revision_history": [
        {
          "date": "2007-05-01T13:37:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2007-05-01T13:05:16+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T00:32:55+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4",
                  "product_id": "4AS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop version 4",
                  "product_id": "4Desktop",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4",
                  "product_id": "4ES",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4",
                  "product_id": "4WS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unzip-0:5.51-9.EL4.5.ia64",
                "product": {
                  "name": "unzip-0:5.51-9.EL4.5.ia64",
                  "product_id": "unzip-0:5.51-9.EL4.5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
                "product": {
                  "name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
                  "product_id": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unzip-0:5.51-9.EL4.5.src",
                "product": {
                  "name": "unzip-0:5.51-9.EL4.5.src",
                  "product_id": "unzip-0:5.51-9.EL4.5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unzip-0:5.51-9.EL4.5.x86_64",
                "product": {
                  "name": "unzip-0:5.51-9.EL4.5.x86_64",
                  "product_id": "unzip-0:5.51-9.EL4.5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
                "product": {
                  "name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
                  "product_id": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unzip-0:5.51-9.EL4.5.i386",
                "product": {
                  "name": "unzip-0:5.51-9.EL4.5.i386",
                  "product_id": "unzip-0:5.51-9.EL4.5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
                "product": {
                  "name": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
                  "product_id": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unzip-0:5.51-9.EL4.5.ppc",
                "product": {
                  "name": "unzip-0:5.51-9.EL4.5.ppc",
                  "product_id": "unzip-0:5.51-9.EL4.5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
                "product": {
                  "name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
                  "product_id": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unzip-0:5.51-9.EL4.5.s390x",
                "product": {
                  "name": "unzip-0:5.51-9.EL4.5.s390x",
                  "product_id": "unzip-0:5.51-9.EL4.5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
                "product": {
                  "name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
                  "product_id": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unzip-0:5.51-9.EL4.5.s390",
                "product": {
                  "name": "unzip-0:5.51-9.EL4.5.s390",
                  "product_id": "unzip-0:5.51-9.EL4.5.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
                "product": {
                  "name": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
                  "product_id": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=s390"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:unzip-0:5.51-9.EL4.5.i386"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.i386",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:unzip-0:5.51-9.EL4.5.ia64"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.ia64",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:unzip-0:5.51-9.EL4.5.ppc"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.ppc",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:unzip-0:5.51-9.EL4.5.s390"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.s390",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:unzip-0:5.51-9.EL4.5.s390x"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.s390x",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.src as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:unzip-0:5.51-9.EL4.5.src"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.src",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:unzip-0:5.51-9.EL4.5.x86_64"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.x86_64",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.i386"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.ia64"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.ppc"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390x"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
          "product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
        "relates_to_product_reference": "4AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:unzip-0:5.51-9.EL4.5.i386"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.i386",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:unzip-0:5.51-9.EL4.5.ia64"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.ia64",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:unzip-0:5.51-9.EL4.5.ppc"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.ppc",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:unzip-0:5.51-9.EL4.5.s390"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.s390",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:unzip-0:5.51-9.EL4.5.s390x"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.s390x",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.src as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:unzip-0:5.51-9.EL4.5.src"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.src",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:unzip-0:5.51-9.EL4.5.x86_64"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.x86_64",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.i386"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ia64"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ppc"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390x"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
          "product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
        "relates_to_product_reference": "4Desktop"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:unzip-0:5.51-9.EL4.5.i386"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.i386",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:unzip-0:5.51-9.EL4.5.ia64"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.ia64",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:unzip-0:5.51-9.EL4.5.ppc"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.ppc",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:unzip-0:5.51-9.EL4.5.s390"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.s390",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:unzip-0:5.51-9.EL4.5.s390x"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.s390x",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.src as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:unzip-0:5.51-9.EL4.5.src"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.src",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:unzip-0:5.51-9.EL4.5.x86_64"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.x86_64",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.i386"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.ia64"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.ppc"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390x"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
          "product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
        "relates_to_product_reference": "4ES"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:unzip-0:5.51-9.EL4.5.i386"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.i386",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:unzip-0:5.51-9.EL4.5.ia64"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.ia64",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:unzip-0:5.51-9.EL4.5.ppc"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.ppc",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:unzip-0:5.51-9.EL4.5.s390"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.s390",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:unzip-0:5.51-9.EL4.5.s390x"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.s390x",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.src as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:unzip-0:5.51-9.EL4.5.src"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.src",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:unzip-0:5.51-9.EL4.5.x86_64"
        },
        "product_reference": "unzip-0:5.51-9.EL4.5.x86_64",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.i386"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.ia64"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.ppc"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390x"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
        "relates_to_product_reference": "4WS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
          "product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
        },
        "product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
        "relates_to_product_reference": "4WS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2005-2475",
      "discovery_date": "2005-08-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617723"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue was addressed in unzip packages as shipped with Red Hat Enterprise Linux 3 and 4 via RHBA-2007:0418 and RHSA-2007:0203 respectively.\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS:unzip-0:5.51-9.EL4.5.i386",
          "4AS:unzip-0:5.51-9.EL4.5.ia64",
          "4AS:unzip-0:5.51-9.EL4.5.ppc",
          "4AS:unzip-0:5.51-9.EL4.5.s390",
          "4AS:unzip-0:5.51-9.EL4.5.s390x",
          "4AS:unzip-0:5.51-9.EL4.5.src",
          "4AS:unzip-0:5.51-9.EL4.5.x86_64",
          "4AS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
          "4AS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
          "4AS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
          "4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
          "4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
          "4AS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
          "4Desktop:unzip-0:5.51-9.EL4.5.i386",
          "4Desktop:unzip-0:5.51-9.EL4.5.ia64",
          "4Desktop:unzip-0:5.51-9.EL4.5.ppc",
          "4Desktop:unzip-0:5.51-9.EL4.5.s390",
          "4Desktop:unzip-0:5.51-9.EL4.5.s390x",
          "4Desktop:unzip-0:5.51-9.EL4.5.src",
          "4Desktop:unzip-0:5.51-9.EL4.5.x86_64",
          "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.i386",
          "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
          "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
          "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390",
          "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
          "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
          "4ES:unzip-0:5.51-9.EL4.5.i386",
          "4ES:unzip-0:5.51-9.EL4.5.ia64",
          "4ES:unzip-0:5.51-9.EL4.5.ppc",
          "4ES:unzip-0:5.51-9.EL4.5.s390",
          "4ES:unzip-0:5.51-9.EL4.5.s390x",
          "4ES:unzip-0:5.51-9.EL4.5.src",
          "4ES:unzip-0:5.51-9.EL4.5.x86_64",
          "4ES:unzip-debuginfo-0:5.51-9.EL4.5.i386",
          "4ES:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
          "4ES:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
          "4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390",
          "4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
          "4ES:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
          "4WS:unzip-0:5.51-9.EL4.5.i386",
          "4WS:unzip-0:5.51-9.EL4.5.ia64",
          "4WS:unzip-0:5.51-9.EL4.5.ppc",
          "4WS:unzip-0:5.51-9.EL4.5.s390",
          "4WS:unzip-0:5.51-9.EL4.5.s390x",
          "4WS:unzip-0:5.51-9.EL4.5.src",
          "4WS:unzip-0:5.51-9.EL4.5.x86_64",
          "4WS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
          "4WS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
          "4WS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
          "4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
          "4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
          "4WS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-2475"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617723",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617723"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-2475",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-2475"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2475",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2475"
        }
      ],
      "release_date": "2005-08-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-05-01T13:37:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "4AS:unzip-0:5.51-9.EL4.5.i386",
            "4AS:unzip-0:5.51-9.EL4.5.ia64",
            "4AS:unzip-0:5.51-9.EL4.5.ppc",
            "4AS:unzip-0:5.51-9.EL4.5.s390",
            "4AS:unzip-0:5.51-9.EL4.5.s390x",
            "4AS:unzip-0:5.51-9.EL4.5.src",
            "4AS:unzip-0:5.51-9.EL4.5.x86_64",
            "4AS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
            "4AS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
            "4AS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
            "4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
            "4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
            "4AS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
            "4Desktop:unzip-0:5.51-9.EL4.5.i386",
            "4Desktop:unzip-0:5.51-9.EL4.5.ia64",
            "4Desktop:unzip-0:5.51-9.EL4.5.ppc",
            "4Desktop:unzip-0:5.51-9.EL4.5.s390",
            "4Desktop:unzip-0:5.51-9.EL4.5.s390x",
            "4Desktop:unzip-0:5.51-9.EL4.5.src",
            "4Desktop:unzip-0:5.51-9.EL4.5.x86_64",
            "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.i386",
            "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
            "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
            "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390",
            "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
            "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
            "4ES:unzip-0:5.51-9.EL4.5.i386",
            "4ES:unzip-0:5.51-9.EL4.5.ia64",
            "4ES:unzip-0:5.51-9.EL4.5.ppc",
            "4ES:unzip-0:5.51-9.EL4.5.s390",
            "4ES:unzip-0:5.51-9.EL4.5.s390x",
            "4ES:unzip-0:5.51-9.EL4.5.src",
            "4ES:unzip-0:5.51-9.EL4.5.x86_64",
            "4ES:unzip-debuginfo-0:5.51-9.EL4.5.i386",
            "4ES:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
            "4ES:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
            "4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390",
            "4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
            "4ES:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
            "4WS:unzip-0:5.51-9.EL4.5.i386",
            "4WS:unzip-0:5.51-9.EL4.5.ia64",
            "4WS:unzip-0:5.51-9.EL4.5.ppc",
            "4WS:unzip-0:5.51-9.EL4.5.s390",
            "4WS:unzip-0:5.51-9.EL4.5.s390x",
            "4WS:unzip-0:5.51-9.EL4.5.src",
            "4WS:unzip-0:5.51-9.EL4.5.x86_64",
            "4WS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
            "4WS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
            "4WS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
            "4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
            "4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
            "4WS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0203"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2005-4667",
      "discovery_date": "2006-01-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617861"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument.  NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178960\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.  More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\n\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS:unzip-0:5.51-9.EL4.5.i386",
          "4AS:unzip-0:5.51-9.EL4.5.ia64",
          "4AS:unzip-0:5.51-9.EL4.5.ppc",
          "4AS:unzip-0:5.51-9.EL4.5.s390",
          "4AS:unzip-0:5.51-9.EL4.5.s390x",
          "4AS:unzip-0:5.51-9.EL4.5.src",
          "4AS:unzip-0:5.51-9.EL4.5.x86_64",
          "4AS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
          "4AS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
          "4AS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
          "4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
          "4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
          "4AS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
          "4Desktop:unzip-0:5.51-9.EL4.5.i386",
          "4Desktop:unzip-0:5.51-9.EL4.5.ia64",
          "4Desktop:unzip-0:5.51-9.EL4.5.ppc",
          "4Desktop:unzip-0:5.51-9.EL4.5.s390",
          "4Desktop:unzip-0:5.51-9.EL4.5.s390x",
          "4Desktop:unzip-0:5.51-9.EL4.5.src",
          "4Desktop:unzip-0:5.51-9.EL4.5.x86_64",
          "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.i386",
          "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
          "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
          "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390",
          "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
          "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
          "4ES:unzip-0:5.51-9.EL4.5.i386",
          "4ES:unzip-0:5.51-9.EL4.5.ia64",
          "4ES:unzip-0:5.51-9.EL4.5.ppc",
          "4ES:unzip-0:5.51-9.EL4.5.s390",
          "4ES:unzip-0:5.51-9.EL4.5.s390x",
          "4ES:unzip-0:5.51-9.EL4.5.src",
          "4ES:unzip-0:5.51-9.EL4.5.x86_64",
          "4ES:unzip-debuginfo-0:5.51-9.EL4.5.i386",
          "4ES:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
          "4ES:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
          "4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390",
          "4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
          "4ES:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
          "4WS:unzip-0:5.51-9.EL4.5.i386",
          "4WS:unzip-0:5.51-9.EL4.5.ia64",
          "4WS:unzip-0:5.51-9.EL4.5.ppc",
          "4WS:unzip-0:5.51-9.EL4.5.s390",
          "4WS:unzip-0:5.51-9.EL4.5.s390x",
          "4WS:unzip-0:5.51-9.EL4.5.src",
          "4WS:unzip-0:5.51-9.EL4.5.x86_64",
          "4WS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
          "4WS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
          "4WS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
          "4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
          "4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
          "4WS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-4667"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617861",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617861"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-4667",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-4667"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-4667",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4667"
        }
      ],
      "release_date": "2005-12-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-05-01T13:37:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "4AS:unzip-0:5.51-9.EL4.5.i386",
            "4AS:unzip-0:5.51-9.EL4.5.ia64",
            "4AS:unzip-0:5.51-9.EL4.5.ppc",
            "4AS:unzip-0:5.51-9.EL4.5.s390",
            "4AS:unzip-0:5.51-9.EL4.5.s390x",
            "4AS:unzip-0:5.51-9.EL4.5.src",
            "4AS:unzip-0:5.51-9.EL4.5.x86_64",
            "4AS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
            "4AS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
            "4AS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
            "4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
            "4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
            "4AS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
            "4Desktop:unzip-0:5.51-9.EL4.5.i386",
            "4Desktop:unzip-0:5.51-9.EL4.5.ia64",
            "4Desktop:unzip-0:5.51-9.EL4.5.ppc",
            "4Desktop:unzip-0:5.51-9.EL4.5.s390",
            "4Desktop:unzip-0:5.51-9.EL4.5.s390x",
            "4Desktop:unzip-0:5.51-9.EL4.5.src",
            "4Desktop:unzip-0:5.51-9.EL4.5.x86_64",
            "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.i386",
            "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
            "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
            "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390",
            "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
            "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
            "4ES:unzip-0:5.51-9.EL4.5.i386",
            "4ES:unzip-0:5.51-9.EL4.5.ia64",
            "4ES:unzip-0:5.51-9.EL4.5.ppc",
            "4ES:unzip-0:5.51-9.EL4.5.s390",
            "4ES:unzip-0:5.51-9.EL4.5.s390x",
            "4ES:unzip-0:5.51-9.EL4.5.src",
            "4ES:unzip-0:5.51-9.EL4.5.x86_64",
            "4ES:unzip-debuginfo-0:5.51-9.EL4.5.i386",
            "4ES:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
            "4ES:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
            "4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390",
            "4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
            "4ES:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
            "4WS:unzip-0:5.51-9.EL4.5.i386",
            "4WS:unzip-0:5.51-9.EL4.5.ia64",
            "4WS:unzip-0:5.51-9.EL4.5.ppc",
            "4WS:unzip-0:5.51-9.EL4.5.s390",
            "4WS:unzip-0:5.51-9.EL4.5.s390x",
            "4WS:unzip-0:5.51-9.EL4.5.src",
            "4WS:unzip-0:5.51-9.EL4.5.x86_64",
            "4WS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
            "4WS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
            "4WS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
            "4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
            "4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
            "4WS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0203"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

gsd-2005-4667

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2005-4667

Aliases

CVE-2005-4667

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-4667",
    "description": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument.  NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.",
    "id": "GSD-2005-4667",
    "references": [
      "https://www.suse.com/security/cve/CVE-2005-4667.html",
      "https://www.debian.org/security/2006/dsa-1012",
      "https://access.redhat.com/errata/RHBA-2007:0418",
      "https://access.redhat.com/errata/RHSA-2007:0203",
      "https://linux.oracle.com/cve/CVE-2005-4667.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-4667"
      ],
      "details": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument.  NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.",
      "id": "GSD-2005-4667",
      "modified": "2023-12-13T01:20:09.323211Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-4667",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument.  NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "25098",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25098"
          },
          {
            "name": "USN-248-2",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/248-2/"
          },
          {
            "name": "http://www.info-zip.org/FAQ.html",
            "refsource": "CONFIRM",
            "url": "http://www.info-zip.org/FAQ.html"
          },
          {
            "name": "FLSA:180159",
            "refsource": "FEDORA",
            "url": "http://www.securityfocus.com/archive/1/430300/100/0/threaded"
          },
          {
            "name": "MDKSA-2006:050",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:050"
          },
          {
            "name": "2006-0006",
            "refsource": "TRUSTIX",
            "url": "http://www.trustix.org/errata/2006/0006"
          },
          {
            "name": "oval:org.mitre.oval:def:11252",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252"
          },
          {
            "name": "RHSA-2007:0203",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0203.html"
          },
          {
            "name": "USN-248-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/248-1/"
          },
          {
            "name": "20051219 Unzip *ALL* verisons ;))",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html"
          },
          {
            "name": "22400",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/22400"
          },
          {
            "name": "15968",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/15968"
          },
          {
            "name": "DSA-1012",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-1012"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:info-zip:unzip:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:info-zip:unzip:5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:info-zip:unzip:5.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:info-zip:unzip:5.41:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:info-zip:unzip:5.42:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:info-zip:unzip:5.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:info-zip:unzip:5.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:info-zip:unzip:5.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4667"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument.  NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "15968",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/15968"
            },
            {
              "name": "20051219 Unzip *ALL* verisons ;))",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html"
            },
            {
              "name": "22400",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/22400"
            },
            {
              "name": "2006-0006",
              "refsource": "TRUSTIX",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.trustix.org/errata/2006/0006"
            },
            {
              "name": "DSA-1012",
              "refsource": "DEBIAN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1012"
            },
            {
              "name": "RHSA-2007:0203",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0203.html"
            },
            {
              "name": "25098",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25098"
            },
            {
              "name": "MDKSA-2006:050",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:050"
            },
            {
              "name": "http://www.info-zip.org/FAQ.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.info-zip.org/FAQ.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11252",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252"
            },
            {
              "name": "USN-248-2",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/248-2/"
            },
            {
              "name": "USN-248-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/248-1/"
            },
            {
              "name": "FLSA:180159",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/430300/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.7,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 1.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-19T15:41Z",
      "publishedDate": "2005-12-31T05:00Z"
    }
  }
}

ghsa-8h2v-2p8g-f36m

Vulnerability from github

Published

2022-05-01 02:29

Modified

2025-04-03 04:23

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-4667"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-12-31T05:00:00Z",
    "severity": "LOW"
  },
  "details": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument.  NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.",
  "id": "GHSA-8h2v-2p8g-f36m",
  "modified": "2025-04-03T04:23:49Z",
  "published": "2022-05-01T02:29:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4667"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/248-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/248-2"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25098"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1012"
    },
    {
      "type": "WEB",
      "url": "http://www.info-zip.org/FAQ.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:050"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/22400"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0203.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/430300/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/15968"
    },
    {
      "type": "WEB",
      "url": "http://www.trustix.org/errata/2006/0006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2005-4667 (GCVE-0-2005-4667)

Vulnerability from cvelistv5

fkie_cve-2005-4667

Vulnerability from fkie_nvd

rhba-2007:0418

Vulnerability from csaf_redhat

rhsa-2007:0203

Vulnerability from csaf_redhat

gsd-2005-4667

Vulnerability from gsd

ghsa-8h2v-2p8g-f36m

Vulnerability from github

Tags

Sightings

Nomenclature