zziplib: Multiple vulnerabilities (CVE-2018-16548, CVE-2018-17828)
ID: oval:org.secpod.oval:def:1801616 | Date: (C)2019-11-27 (M)2022-02-04
Class: PATCH | Family: unix
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.

Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.
Platform: Alpine Linux 3.10