CVE-2018-7727

Опубликовано: 06 мар. 2018

Источник: redhat

CVSS3: 3.3

EPSS Низкий

Описание

An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.

A memory leak was found in unzip-mem.c and unzzip-mem.c of ZZIPlib, up to v0.13.68, that could lead to resource exhaustion. Local attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 8	zziplib	Not affected
Red Hat Enterprise Linux 7	zziplib	Fixed	RHSA-2018:3229	30.10.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-772

https://bugzilla.redhat.com/show_bug.cgi?id=1554676zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial of service via crafted zip

EPSS

Процентиль: 27%

0.00094

Низкий

3.3 Low

CVSS3

Связанные уязвимости

CVE-2018-7727

CVSS3: 6.5

ubuntu

больше 7 лет назад

An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.

CVE-2018-7727

CVSS3: 6.5

nvd

больше 7 лет назад

An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.

CVE-2018-7727

CVSS3: 6.5

debian

больше 7 лет назад

An issue was discovered in ZZIPlib 0.13.68. There is a memory leak tri ...

GHSA-4g2g-r89f-8qqm

CVSS3: 6.5

github

больше 3 лет назад

An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.

BDU:2020-03948

CVSS3: 6.5

fstec

больше 7 лет назад

Уязвимость функции zzip_mem_disk_new библиотеки архивирования ZZIPlib, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 27%

0.00094

Низкий

3.3 Low

CVSS3