Download
| Alert*
|
oval:org.secpod.oval:def:1801616
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. in a z ... oval:org.secpod.oval:def:89050778 This update for zziplib fixes the following issues: Security issue fixed: - CVE-2018-16548: Prevented memory leak from __zzip_parse_root_directory. Free allocated structure if its address is not passed back. Other issue addressed: - Prevented a division by zero . oval:org.secpod.oval:def:1900051 An issue was discovered in zziplib-bin through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. oval:org.secpod.oval:def:2000038 An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. oval:org.secpod.oval:def:1700267 An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in __zzip_fetch_disk_trailer . ... oval:org.secpod.oval:def:1504279 [0.13.62-11] - Fix CVE-2018-6541 - Part of the original patch has already been applied in the past , so the bug should not be reproducible in a way described in the github issue, even without this commit. Applying the rest of the original patch anyway. - https://github.com/gdraheim/zziplib/issues/16 ... oval:org.secpod.oval:def:503260 The zziplib is a lightweight library to easily extract data from zip files. Security Fix: * zziplib: Bus error caused by loading of a misaligned address inzzip/zip.c * zziplib: Memory leak triggered in the function __zzip_parse_root_directory in zip.c For more details about the security issue, inc ... oval:org.secpod.oval:def:205353 The zziplib is a lightweight library to easily extract data from zip files. Security Fix: * zziplib: Bus error caused by loading of a misaligned address inzzip/zip.c * zziplib: Memory leak triggered in the function __zzip_parse_root_directory in zip.c For more details about the security issue, inc ... |
