CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16548 – zziplib: Memory leak triggered in the function __zzip_parse_root_directory in zip.c
https://notcve.org/view.php?id=CVE-2018-16548
05 Sep 2018 — An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. Se ha descubierto un problema en ZZIPlib hasta su versión 0.13.69. Existe una fuga de memoria que se desencadena en la función __zzip_parse_root_directory en zip.c que provocará un ataque de denegación de servicio (DoS). The zziplib is a lightweight library to easily extract data from zip files. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00065.html • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6540 – Ubuntu Security Notice USN-3699-1
https://notcve.org/view.php?id=CVE-2018-6540
02 Feb 2018 — In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. En ZZIPlib 0.13.67, hay un error de bus provocado por la carga de una dirección mal alineada en la función zzip_disk_findfirst de zzip/mmapped.c. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archi... • https://github.com/gdraheim/zziplib/issues/15 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6541 – zziplib: Bus error caused by loading of a misaligned address inzzip/zip.c
https://notcve.org/view.php?id=CVE-2018-6541
02 Feb 2018 — In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. En ZZIPlib 0.13.67, hay un error de bus provocado por la carga de una dirección mal alineada (al gestionar las entradas locales disk64_trailer) en __zzip_fetch_disk_trailer (zzip/zip.c). Los atacantes remotos pueden aprovechar esta vulne... • https://access.redhat.com/errata/RHSA-2019:2196 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6542
https://notcve.org/view.php?id=CVE-2018-6542
02 Feb 2018 — In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. En ZZIPlib 0.13.67, hay un error de bus (al gestionar los valores de búsqueda disk64_trailer) provocado por la carga de una dirección mal alineada en la función zzip_disk_findfirst de zzip/mmapped.c. • https://github.com/gdraheim/zziplib/issues/17 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6484 – Ubuntu Security Notice USN-3699-1
https://notcve.org/view.php?id=CVE-2018-6484
01 Feb 2018 — In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. En ZZIPlib 0.13.67, hay un error de alineación de memoria y un error de bus en la función __zzip_fetch_disk_trailer de zzip/zip.c. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo zip manipulado. It was di... • https://github.com/gdraheim/zziplib/issues/14 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6381 – Ubuntu Security Notice USN-3699-1
https://notcve.org/view.php?id=CVE-2018-6381
29 Jan 2018 — In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data. En ZZIPlib versiones 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 y 0.13.56 hay un fallo de segmentación causado por un acceso a memoria no vál... • https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-6381 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •