CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18770 – zziplib: invalid memory access at zzip_disk_entry_to_file_header in mmapped.c
https://notcve.org/view.php?id=CVE-2020-18770
An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. An invalid memory access flaw was found in the mmapped.c file's zzip_disk_entry_to_file_header function in Zziplib. This issue could allow an attacker to entice a victim into opening a specially crafted file, leading to a denial of service. • https://github.com/gdraheim/zziplib/issues/69 https://access.redhat.com/security/cve/CVE-2020-18770 https://bugzilla.redhat.com/show_bug.cgi?id=2246907 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400: Uncontrolled Resource Consumption •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 1CVE-2020-18442 – zziplib: infinite loop via the return value of zzip_file_read() as used in unzzip_cat_file()
https://notcve.org/view.php?id=CVE-2020-18442
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". Un bucle infinito en zziplib versión v0.13.69, permite a atacantes remotos causar una denegación de servicio por medio del valor de retorno "zzip_file_read" en la función "unzzip_cat_file" • https://github.com/gdraheim/zziplib/issues/68 https://lists.debian.org/debian-lts-announce/2021/12/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCFYD46OY4VAGJ4UX7IFOH5SHD4UW4ZA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVANTEBDQGOIPC5KCEVAGA5KT4KKTGWB https://access.redhat.com/security/cve/CVE-2020-18442 https://bugzilla.redhat.com/show_bug.cgi?id=1973826 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17828 – zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c
https://notcve.org/view.php?id=CVE-2018-17828
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file. Vulnerabilidad de salto de directorio en ZZIPlib 0.13.69 permite que un atacante sobrescriba archivos arbitrarios mediante un .. (punto punto) en un archivo zip. Esto se debe a la función unzzip_cat en el archivo bins/unzzipcat-mem.c. • https://github.com/gdraheim/zziplib/issues/62 https://access.redhat.com/security/cve/CVE-2018-17828 https://bugzilla.redhat.com/show_bug.cgi?id=1635888 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16548 – zziplib: Memory leak triggered in the function __zzip_parse_root_directory in zip.c
https://notcve.org/view.php?id=CVE-2018-16548
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. Se ha descubierto un problema en ZZIPlib hasta su versión 0.13.69. Existe una fuga de memoria que se desencadena en la función __zzip_parse_root_directory en zip.c que provocará un ataque de denegación de servicio (DoS). • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00065.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00066.html https://access.redhat.com/errata/RHSA-2019:2196 https://github.com/gdraheim/zziplib/issues/58 https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html https://access.redhat.com/security/cve/CVE-2018-16548 https://bugzilla.redhat.com/show_bug.cgi?id=1626200 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •