Vulnerability CVE-2018-16548: Information

Description

An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-16548
Published: Sept. 6, 2018
Modified: June 28, 2020
Error type identifier: CWE-772

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
zziplibsisyphus0.13.69-alt20.13.72-alt1ALT-PU-2019-2518-1236408Fixed
zziplibsisyphus_riscv640.13.72-alt10.13.72-alt1ALT-PU-2022-3478-1-Fixed
zziplibp100.13.69-alt20.13.72-alt1ALT-PU-2019-2518-1236408Fixed
zziplibp90.13.69-alt30.13.69-alt3ALT-PU-2019-3157-1240930Fixed
zziplibc10f10.13.69-alt20.13.72-alt1ALT-PU-2019-2518-1236408Fixed
zziplibc9f20.13.69-alt30.13.69-alt3ALT-PU-2019-3157-1240930Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/gdraheim/zziplib/issues/58
  • Exploit
  • Patch
  • Third Party Advisory
RHSA-2019:2196
    openSUSE-SU-2019:2396
      openSUSE-SU-2019:2394
        [debian-lts-announce] 20200628 [SECURITY] [DLA 2258-1] zziplib security update

            1. Configuration 1

              cpe:2.3:a:zziplib_project:zziplib:*:*:*:*:*:*:*:*
              End including
              0.13.69
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.5.0
          Back to top