exploitDog

CVE-2018-6869

Published: 08 Feb 2018
Source: redhat
CVSS3: 4.3
EPSS: Low

Description

In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

An uncontrolled memory allocation was found in ZZIPlib that could lead to a crash in the __zzip_parse_root_directory function of zzip/zip.c if the package is compiled with Address Sanitizer. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

Report

Red Hat Product Security has rated this issue as having security impact of Low. This issue does not affect the versions of ZZIPlib as shipped in Red Hat Enterprise Linux 7, unless the package is recompiled with Address Sanitizer. The flaw is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 7 | zziplib | Will not fix | | |
| Red Hat Enterprise Linux 8 | zziplib | Not affected | | |

Additional information

Status: Low
Defect: CWE-400
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1543941 (zziplib: uncontrolled memory allocation in __zzip_parse_root_directory in zzip/zip.c)

EPSS: 0.01067 (Low), percentile: 77%

CVSS3: 4.3 Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
almost 8 years ago

In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

CVSS3: 6.5
nvd
almost 8 years ago

In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

CVSS3: 6.5
debian
almost 8 years ago

In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a c ...

CVSS3: 6.5
github
more than 3 years ago

In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

CVSS3: 6.5
fstec
almost 8 years ago

A vulnerability in the __zzip_parse_root_directory function of the ZZIPlib archive library, related to unrestricted resource allocation, that allows an attacker to cause a denial of service
