Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2019-1142

Related Vulnerabilities: CVE-2018-7725   CVE-2018-7726   CVE-2018-7727  

An improper input validation was found in function __zzip_fetch_disk_trailer of ZZIPlib, up to 0.13.68, that could lead to a crash in __zzip_parse_root_directory function of zzip/ip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.(CVE-2018-7726) A memory leak was found in unzip-mem.c and unzzip-mem.c of ZZIPlib, up to v0.13.68, that could lead to resource exhaustion. Local attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.(CVE-2018-7727) An out of bounds read was found in function zzip_disk_fread of ZZIPlib, up to 0.13.68, when ZZIPlib mem_disk functionality is used. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.(CVE-2018-7725)

Source

ALAS2-2019-1142

Amazon Linux 2 Security Advisory: ALAS-2019-1142
Advisory Release Date: 2019-01-07 22:02 Pacific
Advisory Updated Date: 2019-01-09 01:10 Pacific
Severity: Low
Issue Overview:

An improper input validation was found in function __zzip_fetch_disk_trailer of ZZIPlib, up to 0.13.68, that could lead to a crash in __zzip_parse_root_directory function of zzip/ip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.(CVE-2018-7726)

A memory leak was found in unzip-mem.c and unzzip-mem.c of ZZIPlib, up to v0.13.68, that could lead to resource exhaustion. Local attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.(CVE-2018-7727)

An out of bounds read was found in function zzip_disk_fread of ZZIPlib, up to 0.13.68, when ZZIPlib mem_disk functionality is used. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.(CVE-2018-7725)


Affected Packages:

zziplib


Issue Correction:
Run yum update zziplib to update your system.

New Packages:
aarch64:
    zziplib-0.13.62-9.amzn2.aarch64
    zziplib-utils-0.13.62-9.amzn2.aarch64
    zziplib-devel-0.13.62-9.amzn2.aarch64
    zziplib-debuginfo-0.13.62-9.amzn2.aarch64

i686:
    zziplib-0.13.62-9.amzn2.i686
    zziplib-utils-0.13.62-9.amzn2.i686
    zziplib-devel-0.13.62-9.amzn2.i686
    zziplib-debuginfo-0.13.62-9.amzn2.i686

src:
    zziplib-0.13.62-9.amzn2.src

x86_64:
    zziplib-0.13.62-9.amzn2.x86_64
    zziplib-utils-0.13.62-9.amzn2.x86_64
    zziplib-devel-0.13.62-9.amzn2.x86_64
    zziplib-debuginfo-0.13.62-9.amzn2.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started