
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. An invalid memory access flaw was found in the mmapped.c file's zzip_disk_entry_to_file_header function in Zziplib. This issue could allow an attacker to entice a victim into opening a specially crafted file, leading to a denial of service.

References:
https://github.com/gdraheim/zziplib/issues/69
https://access.redhat.com/security/cve/CVE-2020-18770
https://bugzilla.redhat.com/show_bug.cgi?id=2246907

CWE:
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-400: Uncontrolled Resource Consumption

CVSS: 3.3 • EPSS: 0% • CPEs: 4 • EXPL: 1

Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".

References:
https://github.com/gdraheim/zziplib/issues/68
https://lists.debian.org/debian-lts-announce/2021/12/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCFYD46OY4VAGJ4UX7IFOH5SHD4UW4ZA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVANTEBDQGOIPC5KCEVAGA5KT4KKTGWB
https://access.redhat.com/security/cve/CVE-2020-18442
https://bugzilla.redhat.com/show_bug.cgi?id=1973826

CWE:
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.

References:
https://github.com/gdraheim/zziplib/issues/62
https://access.redhat.com/security/cve/CVE-2018-17828
https://bugzilla.redhat.com/show_bug.cgi?id=1635888

CWE:
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.

References:
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00065.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00066.html
https://access.redhat.com/errata/RHSA-2019:2196
https://github.com/gdraheim/zziplib/issues/58
https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html
https://access.redhat.com/security/cve/CVE-2018-16548
https://bugzilla.redhat.com/show_bug.cgi?id=1626200

CWE:
CWE-400: Uncontrolled Resource Consumption
CWE-772: Missing Release of Resource after Effective Lifetime

CVSS: 6.5 • EPSS: 0% • CPEs: 8 • EXPL: 1

An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.

References:
https://access.redhat.com/errata/RHSA-2018:3229
https://github.com/gdraheim/zziplib/issues/39
https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html
https://usn.ubuntu.com/3699-1
https://access.redhat.com/security/cve/CVE-2018-7725
https://bugzilla.redhat.com/show_bug.cgi?id=1554662

CWE:
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-125: Out-of-bounds Read