Описание
The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.
Ссылки
- PatchThird Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- Mailing ListThird Party Advisory
- PatchThird Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
EPSS
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.
The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.
The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mis ...
EPSS
6.5 Medium
CVSS3
4.3 Medium
CVSS2