[ASA-201804-3] zziplib: denial of service
Santiago Torres-Arias
santiago at archlinux.org
Mon Apr 9 15:41:22 UTC 2018
Arch Linux Security Advisory ASA-201804-3
=========================================
Severity: Medium
Date : 2018-04-04
CVE-ID : CVE-2018-7725 CVE-2018-7726 CVE-2018-7727
Package : zziplib
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-612
Summary
=======
The package zziplib before version 0.13.69-1 is vulnerable to denial of
service.
Resolution
==========
Upgrade to 0.13.69-1.
# pacman -Syu "zziplib>=0.13.69-1"
The problems have been fixed upstream in version 0.13.69.
Workaround
==========
None.
Description
===========
- CVE-2018-7725 (denial of service)
An out of bounds read was found in function zzip_disk_fread of ZZIPlib
before 0.13.69, when ZZIPlib mem_disk functionality is used. Remote
attackers could leverage this vulnerability to cause a denial of
service via a crafted zip file.
- CVE-2018-7726 (denial of service)
An improper input validation was found in function
__zzip_fetch_disk_trailer of ZZIPlib before 0.13.69, that could lead to
a crash in __zzip_parse_root_directory function of zzip/zip.c. Remote
attackers could leverage this vulnerability to cause a denial of
service via a crafted zip file.
- CVE-2018-7727 (denial of service)
A memory leak was found in unzip-mem.c and unzzip-mem.c of ZZIPlib
before 0.13.69, that could lead to resource exhaustion. Local attackers
could leverage this vulnerability to cause a denial of service via a
crafted zip file.
Impact
======
A remote attacker can cause a denial of service via a specially crafted
zip file.
References
==========
https://github.com/gdraheim/zziplib/issues/39
https://github.com/gdraheim/zziplib/commit/1ba660b3300d67b8ce9f6b96bbae0b36fa2d6b06
https://github.com/gdraheim/zziplib/issues/41
https://github.com/gdraheim/zziplib/commit/19c9e4dc6c5cf92a38d0d23dbccac6993f9c41be
https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b
https://github.com/gdraheim/zziplib/issues/40
https://github.com/gdraheim/zziplib/commit/83a2da55922f67e07f22048ac9671a44cc0d35c4
https://security.archlinux.org/CVE-2018-7725
https://security.archlinux.org/CVE-2018-7726
https://security.archlinux.org/CVE-2018-7727
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20180409/df85dffd/attachment.asc>
More information about the arch-security
mailing list