CVE-2003-0282 — unzip - directory traversal

Description

Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.

How to fix CVE-2003-0282

To remediate CVE-2003-0282, upgrade the affected package to a fixed version below.

Debian/unzip—upgrade to 5.50-3 or later
Debian/unzip—upgrade to 5.50-1woody2 or later

Is CVE-2003-0282 being exploited?

Moderate — EPSS is 21.1%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 5.50-3
from 0, < 5.50-1woody2

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2003-0282