Описание
zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption, denial of service, and potentially code execution depending on compiler, build flags, architecture, and memory layout. The overflow occurs prior to any archive parsing or validation.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not present |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | not-affected | code not present |
| esm-infra/xenial | not-affected | code not present |
| jammy | not-affected | code not present |
| noble | not-affected | code not present |
| plucky | not-affected | code not present |
| questing | not-affected | code not present |
| upstream | not-affected | code not present |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | uses system zlib |
| esm-infra-legacy/trusty | not-affected | uses system zlib |
| esm-infra/bionic | needed | |
| esm-infra/focal | needed | |
| esm-infra/xenial | needed | |
| jammy | not-affected | uses system zlib |
| noble | not-affected | uses system zlib |
| plucky | not-affected | uses system zlib |
| questing | not-affected | uses system zlib |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | untgz not present |
| esm-infra-legacy/trusty | not-affected | untgz not present |
| esm-infra/bionic | not-affected | untgz not present |
| esm-infra/focal | not-affected | untgz not present |
| esm-infra/xenial | not-affected | untgz not present |
| jammy | not-affected | untgz not present |
| noble | not-affected | untgz not present |
| plucky | not-affected | untgz not present |
| questing | not-affected | untgz not present |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | needs-triage | |
| jammy | needs-triage | |
| noble | needs-triage | |
| plucky | needs-triage | |
| questing | needs-triage |
Показывать по
Связанные уязвимости
zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption, denial of service, and potentially code execution depending on compiler, build flags, architecture, and memory layout. The overflow occurs prior to any archive parsing or validation.
zlib versions up to and including 1.3.1.2 contain a global buffer over ...
zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption, denial of service, and potentially code execution depending on compiler, build flags, architecture, and memory layout. The overflow occurs prior to any archive parsing or validation.