LAYER: meta
PACKAGE NAME: zip-native
PACKAGE VERSION: 3.0
CVE: CVE-2004-1010
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1010

LAYER: meta
PACKAGE NAME: zip-native
PACKAGE VERSION: 3.0
CVE: CVE-2018-13410
CVE STATUS: Ignored
CVE DETAIL: disputed
CVE DESCRIPTION: Disputed and also Debian doesn't consider a vulnerability
CVE SUMMARY: Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13410

LAYER: meta
PACKAGE NAME: zip-native
PACKAGE VERSION: 3.0
CVE: CVE-2018-13684
CVE STATUS: Ignored
CVE DETAIL: cpe-incorrect
CVE DESCRIPTION: Not for zip but for smart contract implementation for it
CVE SUMMARY: The mintToken function of a smart contract implementation for ZIP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13684

LAYER: meta
PACKAGE NAME: zip-native
PACKAGE VERSION: 3.0
CVE: CVE-2023-39135
CVE STATUS: Patched
CVE SUMMARY: An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-39135