CVE-2008-4420 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Dynazip MAX

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer2 documents2 sources

Severity

9.3CRITICALNVD

EPSS

6.5%

top 8.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Innermedia Dynazip MAX Innermedia Dynazip MAX Secure Filestream Turbozip +1 more

Timeline

PublishedApr 13

Latest updateMay 2

Description

Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDhp/openview_performance_agentc.04.60, c.04.70, c.04.72+2

▶NVDinnermedia/dynazip_max_secure6.0.0.4

▶NVDinnermedia/dynazip_max5.0.0.7

▶NVDfilestream/turbozip6.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-h48g-43cm-jhf2: Multiple stack-based buffer overflows in DZIP32↗2022-05-02

▶