A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
Not sure if Ubuntu is the upstream here, or if there's any patch.
The bug has been referenced in the following commit(s):
Author: Sam James <firstname.lastname@example.org>
AuthorDate: 2022-08-25 02:18:16 +0000
Commit: Sam James <email@example.com>
CommitDate: 2022-08-25 02:19:14 +0000
app-arch/unzip: add 6.0_p27
Contains patches for CVE-2022-0529, CVE-2022-0530 (bug 831190) and
for a unicode issue which *might* be CVE-2021-4217 (bug 866386).
Signed-off-by: Sam James <firstname.lastname@example.org>
app-arch/unzip/Manifest | 1 +
app-arch/unzip/unzip-6.0_p27.ebuild | 93 +++++++++++++++++++++++++++++++++++++
2 files changed, 94 insertions(+)
I saw this in Debian's changelog:
unzip (6.0-27) unstable; urgency=medium
* Apply upstream patch for CVE-2022-0529 and CVE-2022-0530.
- Fix null pointer dereference on invalid UTF-8 input.
- Fix wide string conversion in process.c.
But I don't think it's related to this bug; I'd misread it (it's all to do with bug 831190).
Nobody (Ubuntu, Debian, RH) has patched this, so no idea if there's even a fix out there.