CVE-2018-16548

Published: 05/09/2018 Updated: 28/06/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in ZZIPlib up to and including 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.

Vulnerable Product

zziplib project zziplib

Vendor Advisories

Synopsis Low: zziplib security update Type/Severity Security Advisory: Low Topic An update for zziplib is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a det ...
Debian Bug report logs - #910335 zziplib: CVE-2018-16548: Memory leak triggered in the function __zzip_parse_root_directory in zip.c Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 4 Oct 2018 21:18:02 UTC Severity ...
Debian Bug report logs - #923659 zziplib: CVE-2018-6540: bus error in zzip_disk_findfirst function in zzip/mmapped.c Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 3 Mar 2019 12:27:02 UTC Severity: important Tags ...
Debian Bug report logs - #889096 zziplib: CVE-2018-6381: Invalid memory access in zzip_disk_fread Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 1 Feb 2018 21:15:01 UTC Severity: important Tags: fixed-upstream, p ...
Debian Bug report logs - #889089 zziplib: CVE-2018-6484: Bus error in __zzip_fetch_disk_trailer Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 1 Feb 2018 21:00:13 UTC Severity: important Tags: fixed-upstream, pat ...
Debian Bug report logs - #913165 zziplib: CVE-2018-7726 CVE-2018-7725 Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Wed, 7 Nov 2018 18:54:02 UTC Severity: grave Tags: patch, security, upstream Found in version zziplib/0 ...
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. (CVE-2018-16548) In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk ...
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack ...