Published: 25/09/2019 Updated: 22/11/2019
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
Vector (CVSS v2): AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

In Rubyzip prior to 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because the uncompressed size recorded in an entry's local and central directory headers is taken at face value and can be spoofed: the archive may declare a small uncompressed size while the deflated data actually expands to far more. An application that enforces a per-entry or total size limit by reading the declared size (for example `entry.size`) and then extracting writes far more data than it checked for, which lets a malicious user cause a denial of service through disk consumption. Rubyzip 1.3.0 added the `Zip.validate_entry_sizes` option, which compares the declared size with the number of bytes actually inflated during extraction and raises `Zip::EntrySizeError` on a mismatch; it is off by default in the 1.3.x series and on by default from 2.0.0, so upgrading alone is not enough on 1.3.x unless the option is enabled.
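
As an added illustration (not code from the Rubyzip project or from this advisory), the following Ruby script hand-builds a one-entry ZIP archive whose uncompressed-size fields claim 16 bytes while the deflate stream expands to 1 MiB, then shows the vulnerable extraction pattern next to a hardened one that inflates incrementally against a byte budget and requires the actual size to match the declared one. It uses only the Ruby standard library (zlib); the `MAX_ENTRY_BYTES` limit, the `EntrySizeError` class and all function names are this example's own and not rubyzip's API, and the sample payload is constructed inline.

```ruby
require 'zlib'

# Application policy assumed for this example: refuse any entry that would
# expand to more than 1 KiB.
MAX_ENTRY_BYTES = 1024

class EntrySizeError < StandardError; end

# Raw deflate (negative window bits = no zlib wrapper), which is what ZIP
# compression method 8 stores.
def deflate_raw(data)
  z = Zlib::Deflate.new(Zlib::BEST_COMPRESSION, -Zlib::MAX_WBITS)
  out = z.deflate(data, Zlib::FINISH)
  z.close
  out
end

# Hand-built single-entry ZIP (local header, data, central directory, EOCD).
# declared_size is written into both uncompressed-size fields, so a caller
# can make the archive lie about how big the entry really is.
def build_zip(name, data, declared_size = data.bytesize)
  compressed = deflate_raw(data)
  crc = Zlib.crc32(data)
  local = [0x04034b50, 20, 0, 8, 0, 0, crc, compressed.bytesize,
           declared_size, name.bytesize, 0].pack('VvvvvvVVVvv') + name
  central = [0x02014b50, 20, 20, 0, 8, 0, 0, crc, compressed.bytesize,
             declared_size, name.bytesize, 0, 0, 0, 0, 0, 0].pack('VvvvvvvVVVvvvvvVV') + name
  cd_offset = local.bytesize + compressed.bytesize
  eocd = [0x06054b50, 0, 0, 1, 1, central.bytesize, cd_offset, 0].pack('VvvvvVVv')
  local + compressed + central + eocd
end

# Minimal reader for the first local file header: returns the declared
# uncompressed size and the compressed bytes that follow the header.
def read_first_entry(zip)
  sig, _ver, _flags, method, _t, _d, _crc, csize, usize, nlen, xlen =
    zip.unpack('VvvvvvVVVvv')
  raise 'not a ZIP local file header' unless sig == 0x04034b50
  raise 'only deflate (method 8) is handled here' unless method == 8
  [usize, zip.byteslice(30 + nlen + xlen, csize)]
end

# Vulnerable pattern (the pre-1.3.0 situation): the limit is checked against
# the header field, then the whole stream is inflated regardless.
def extract_trusting_header(zip)
  declared, compressed = read_first_entry(zip)
  raise EntrySizeError, "declared #{declared} bytes exceeds limit" if declared > MAX_ENTRY_BYTES
  z = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  out = z.inflate(compressed)
  z.close
  out
end

# Hardened pattern: inflate in small input slices, abort as soon as the output
# budget is exceeded, and finally require actual size == declared size.
def extract_with_budget(zip, limit = MAX_ENTRY_BYTES)
  declared, compressed = read_first_entry(zip)
  raise EntrySizeError, "declared #{declared} bytes exceeds limit" if declared > limit
  z = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  out = String.new
  begin
    (0...compressed.bytesize).step(256) do |i|
      out << z.inflate(compressed.byteslice(i, 256))
      raise EntrySizeError, "entry expands past #{limit} bytes" if out.bytesize > limit
    end
    out << z.finish unless z.finished?
  ensure
    z.close
  end
  raise EntrySizeError, "entry expands past #{limit} bytes" if out.bytesize > limit
  if out.bytesize != declared
    raise EntrySizeError, "header says #{declared} bytes, entry actually holds #{out.bytesize}"
  end
  out
end

# Constructed sample input: 1 MiB of zeros (deflates to roughly 1 KiB) in an
# archive whose headers claim the entry is only 16 bytes.
SPOOFED_ZIP = build_zip('a.txt', "\0" * (1024 * 1024), 16)

if __FILE__ == $PROGRAM_NAME
  puts "trusting header: extracted #{extract_trusting_header(SPOOFED_ZIP).bytesize} bytes"
  begin
    extract_with_budget(SPOOFED_ZIP)
  rescue EntrySizeError => e
    puts "with budget: #{e.message}"
  end
end
```

The trusting extractor accepts the archive because the header says 16 bytes, then writes a full mebibyte; the budgeted extractor stops within the first few hundred bytes of compressed input. Checking the declared size against the limit is still worth doing (it rejects honestly-labelled large entries cheaply), but the only check an attacker cannot spoof is the one made on the bytes actually produced by the inflater.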

Vulnerable Products

rubyzip project: rubyzip (versions prior to 1.3.0)

Vendor Advisories

Debian Bug report logs - #941222 ruby-zip: CVE-2019-16892 Package: src:ruby-zip; Maintainer for src:ruby-zip is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 26 Sep 2019 17:21:02 UTC Severity: important Tags: secu ...