CVE-2012-1162
Published: 2012-07-12
Priority: P337, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 4.02% (89.3th percentile)
Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct."
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libzip | < libzip 0.10.1-1 (bookworm) | libzip 0.10.1-1 (bookworm) |
| libzip | libzip | >= 0 < 0.10.1-1 | 0.10.1-1 |
| libzip | libzip | >= 0 < 0.10.1-1 | 0.10.1-1 |
| libzip | libzip | >= 0 < 0.10.1-1 | 0.10.1-1 |
| libzip | libzip | >= 0 < 0.10.1-1 | 0.10.1-1 |
| nih | libzip | — | — |
CVSS provenance
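| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |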
Red Hat
libzip: heap overflow flaw when processing malformed zip file
vendor_redhat·2012-03-20·CVSS 7.5
Statement: Not vulnerable. This issue did not affect the versions of libzip and php as shipped with Red Hat Enterprise Linux 6. This issue did not affect the versions of php53 as shipped with Red Hat Enterprise Linux 5.
Package: php53 (Red Hat Enterprise Linux 5) - Not affected
Package: libzip (Red Hat Enterprise Linux 6) - Not affected
Package: php (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2012-1162: libzip - Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip...
vendor_debian·2012·CVSS 7.5
Scope: local
bookworm: resolved (fixed in 0.10.1-1)
bullseye: resolved (fixed in 0.10.1-1)
forky: resolved (fixed in 0.10.1-1)
sid: resolved (fixed in 0.10.1-1)
trixie: resolved (fixed in 0.10.1-1)
GHSA
GHSA-m749-r8jf-5h5g: Heap-based buffer overflow in the _zip_readcdir function in zip_open
ghsa_unreviewed·2022-05-17
CVE-2012-1162 [HIGH] CWE-119
OSV
CVE-2012-1162: Heap-based buffer overflow in the _zip_readcdir function in zip_open
osv·2012-07-12·CVSS 7.5
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-1162 CVE-2012-1163 libzip various flaws [fedora-all]
bugzilla·2012-03-20·CVSS 7.5
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=802564
Bugzilla
CVE-2012-1162 CVE-2012-1163 php various flaws [fedora-all]
bugzilla·2012-03-20·CVSS 7.5
Bugzilla
CVE-2012-1162 libzip: heap overflow flaw when processing malformed zip file
bugzilla·2012-03-12·CVSS 7.5
A heap overflow vulnerability was reported in libzip <= 0.10 when processing certain corrupt zip files. When libzip opens a zip file, it allocates memory based on the number of directory entries; however, due to an incorrect loop construct in lib/zip_open.c, if the number of directories in the file is set to 0, no memory would be allocated, which could cause libzip to write beyond the allocated memory.
This has already been corrected upstream [1].
[1] http://hg.nih.at/libzip/?cs=906bcce2bc13
Acknowledgements:
Red Hat would like to thank Timo Warns for reporting this issue.
Discussion:
While this flaw has been fixed in the upstream repository, no release has been made that includes it, and the extent of the fl
References
http://nih.at/listarchive/libzip-discuss/msg00252.html
http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2012:034
http://www.nih.at/libzip/NEWS.html
http://www.openwall.com/lists/oss-security/2012/03/21/2
http://www.openwall.com/lists/oss-security/2012/03/29/11