add cve/unzip/2022/yaml/CVE-2022-0529.yaml.

Signed-off-by: world lee <lisj2019@buaa.edu.cn>
2023-03-16 09:57:16 +00:00 · 2023-03-16 09:57:16 +00:00 · 42dc2cb516
parent 6c2eb0f87f
commit 42dc2cb516
1 changed files with 20 additions and 0 deletions
--- a/cve/unzip/2022/yaml/CVE-2022-0529.yaml
+++ b/cve/unzip/2022/yaml/CVE-2022-0529.yaml
@ -0,0 +1,20 @@
+id: CVE-2022-0529
+source: https://github.com/nanaao/unzip_poc/tree/main/CVE-2022-0529
+info:
+  name: 
+  Linux unzip命令用于解压缩zip文件。unzip为.zip压缩文件的解压缩程序。
+  severity: MEDIUM
+  description: 
+    A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
+  scope-of-influence:
+    unzip Up to (excluding) 6.0-r11
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-0529
+  classification:
+    cvss-metrics:  CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
+    cvss-score: 5.5 
+    cve-id: CVE-2022-0529
+    cwe-id: CWE-787
+    cnvd-id: None
+    kve-id: None
+  tags: CVE-2022, unzip