CVE-2018-1056

Опубликовано: 03 фев. 2018

Источник: redhat

CVSS3: 3.3

Описание

An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.

An out-of-bounds heap buffer read flaw was found in the way advancecomp handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.

Отчет

This issue affects the versions of advancecomp as shipped with Red Hat Satellite 6. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 7	advancecomp	Will not fix
Red Hat Enterprise Linux 8	advancecomp	Fix deferred
Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer	advancecomp	Will not fix
Red Hat Satellite 6	advancecomp	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=1542333advancecomp: Heap buffer overflow in zip.cc:zip_entry::load_cent() allows for denial of service or unspecified impact via crafted ZIP file

3.3 Low

CVSS3

Связанные уязвимости

CVE-2018-1056

CVSS3: 7.8

ubuntu

больше 7 лет назад

CVE-2018-1056

CVSS3: 7.8

nvd

больше 7 лет назад

CVE-2018-1056

CVSS3: 7.8

debian

больше 7 лет назад

An out-of-bounds heap buffer read flaw was found in the way advancecom ...

GHSA-557x-wcm4-fhw8

CVSS3: 7.8

github

больше 3 лет назад

3.3 Low

CVSS3