CVEs-PoC/2008/CVE-2008-0888.md

### [CVE-2008-0888](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888)
![](https://img.shields.io/static/v1?label=Product&message=unzip&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

### POC

#### Reference
- http://www.ipcop.org/index.php?name=News&file=article&sid=40
- http://www.vmware.com/security/advisories/VMSA-2008-0009.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9733

#### Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/meyayl/docker-languagetool
- https://github.com/phonito/phonito-vulnerable-container