CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1CVE-2018-7726 – zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted zip file
https://notcve.org/view.php?id=CVE-2018-7726
An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. Se ha descubierto un problema en ZZIPlib 0.13.68. Hay un error de bus provocado por la función __zzip_parse_root_directory de zip.c. • https://access.redhat.com/errata/RHSA-2018:3229 https://github.com/gdraheim/zziplib/issues/41 https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html https://usn.ubuntu.com/3699-1 https://access.redhat.com/security/cve/CVE-2018-7726 https://bugzilla.redhat.com/show_bug.cgi?id=1554672 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-7727 – zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial of service via crafted zip
https://notcve.org/view.php?id=CVE-2018-7727
An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack. Se ha descubierto un problema en ZZIPlib 0.13.68. Existe una fuga de memoria que se desencadena en la función zzip_mem_disk_new en memdisk.c que provocaría un ataque de denegación de servicio. A memory leak was found in unzip-mem.c and unzzip-mem.c of ZZIPlib, up to v0.13.68, that could lead to resource exhaustion. • https://access.redhat.com/errata/RHSA-2018:3229 https://github.com/gdraheim/zziplib/issues/40 https://access.redhat.com/security/cve/CVE-2018-7727 https://bugzilla.redhat.com/show_bug.cgi?id=1554676 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7642 – binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash
https://notcve.org/view.php?id=CVE-2018-7642
The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. La funcíon swap_std_reloc_in en aoutx.h en la biblioteca Binary File Descriptor (BFD), conocida como libbfd, tal y como se distribuye en GNU Binutils 2.30 y anteriores permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL en aout_32_swap_std_reloc_out y cierre inesperado de la aplicación) mediante un archivo ELF manipulado, tal y como demuestra objcopy. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3032 https://security.gentoo.org/glsa/201811-17 https://sourceware.org/bugzilla/show_bug.cgi?id=22887 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=116acb2c268c89c89186673a7c92620d21825b25 https://access.redhat.com/security/cve/CVE-2018-7642 htt • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7643 – binutils: Integer overflow in the display_debug_ranges function resulting in crash
https://notcve.org/view.php?id=CVE-2018-7643
The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. La función display_debug_ranges en dwarf.c en GNU Binutils 2.30 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de enteros y caída de aplicación) o, probablemente, provocar cualquier otro tipo de problema mediante un archivo ELF modificado, tal y como demuestra objdump. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://www.securityfocus.com/bid/103264 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3032 https://security.gentoo.org/glsa/201811-17 https://sourceware.org/bugzilla/show_bug.cgi?id=22905 https://access.redhat.com/security/cve/CVE-2018-7643 https://bugzilla.redhat.com/show_bug.cgi?id=15 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 7%CPEs: 55EXPL: 0CVE-2018-5733 – A malicious client can overflow a reference counter in ISC dhcpd
https://notcve.org/view.php?id=CVE-2018-5733
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. Un cliente malicioso al que se le permite enviar grandes cantidades de tráfico (miles de millones de paquetes) a un servidor DHCP puede terminar desbordando un contador de referencia de 32 bits, provocando el cierre inesperado de dhcpd. Afecta a ISC DHCP desde la versión 4.1.0 hasta la 4.1-ESV-R15, desde la versión 4.2.0 hasta la 4.2.8, desde la versión 4.3.0 hasta la 4.3.6 y a la versión 4.4.0. A denial of service flaw was found in the way dhcpd handled reference counting when processing client requests. • http://www.securityfocus.com/bid/103188 http://www.securitytracker.com/id/1040437 https://access.redhat.com/errata/RHSA-2018:0469 https://access.redhat.com/errata/RHSA-2018:0483 https://kb.isc.org/docs/aa-01567 https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html https://usn.ubuntu.com/3586-1 https://usn.ubuntu.com/3586-2 https://www.debian.org/security/2018/dsa-4133 https://access.redhat.com/security/cve/CVE-2018-5733 https://bugzilla.redhat • CWE-190: Integer Overflow or Wraparound •