CVE-2018-7726 – zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted zip file
https://notcve.org/view.php?id=CVE-2018-7726
An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
• https://access.redhat.com/errata/RHSA-2018:3229 https://github.com/gdraheim/zziplib/issues/41 https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html https://usn.ubuntu.com/3699-1 https://access.redhat.com/security/cve/CVE-2018-7726 https://bugzilla.redhat.com/show_bug.cgi?id=1554672
• CWE-20: Improper Input Validation
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-7727 – zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial of service via crafted zip
https://notcve.org/view.php?id=CVE-2018-7727
An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack. A memory leak was found in unzip-mem.c and unzzip-mem.c of ZZIPlib, up to v0.13.68, that could lead to resource exhaustion.
• https://access.redhat.com/errata/RHSA-2018:3229 https://github.com/gdraheim/zziplib/issues/40 https://access.redhat.com/security/cve/CVE-2018-7727 https://bugzilla.redhat.com/show_bug.cgi?id=1554676
• CWE-772: Missing Release of Resource after Effective Lifetime
CVE-2018-6869
https://notcve.org/view.php?id=CVE-2018-6869
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
• http://www.securityfocus.com/bid/103050 https://github.com/gdraheim/zziplib/issues/22 https://lists.debian.org/debian-lts-announce/2018/02/msg00022.html https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html https://usn.ubuntu.com/3699-1
• CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2018-6542
https://notcve.org/view.php?id=CVE-2018-6542
In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c.
• https://github.com/gdraheim/zziplib/issues/17
CVE-2018-6540
https://notcve.org/view.php?id=CVE-2018-6540
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
• https://github.com/gdraheim/zziplib/issues/15 https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html https://usn.ubuntu.com/3699-1