CVE-2017-12858
Published 2017-08-23
Priority P3 · 40 · critical · 9.8 CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.70% (88.4th percentile)
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libzip | — | — |
| libzip | libzip | — | — |
| libzip | libzip | >= 0 < 1.5.1-0ubuntu1 | 1.5.1-0ubuntu1 |
| libzip | libzip | >= 0 < 1.7.3-1ubuntu2 | 1.7.3-1ubuntu2 |
CVSS provenance
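| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | LOW | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |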
Red Hat
libzip: use-after-free in the _zip_dirent_read function of zip_dirent.c
vendor_redhat·2021-02-09·CVSS 9.8
CVE-2019-17582 [CRITICAL] CWE-416 libzip: use-after-free in the _zip_dirent_read function of zip_dirent.c
A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."
Package: libzip (Red Hat Enterprise Linux 6) - Not affected
Package: libzip (Red Hat Enterprise Linux 7) - Not affected
Package: libzip (Red Hat Enterprise Linux 8) - Not affected
Package: rh-php73-php (Red Hat Software Collections) - Not affected
Debian
CVE-2019-17582: libzip - A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2....
vendor_debian·2019·CVSS 9.8
CVE-2019-17582 [CRITICAL] CVE-2019-17582: libzip - A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2....
A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Red Hat
libzip: Double free in _zip_dirent_read function in zip_dirent.c
vendor_redhat·2017-08-23·CVSS 9.8
CVE-2017-12858 [CRITICAL] CWE-119 libzip: Double free in _zip_dirent_read function in zip_dirent.c
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.
Package: php53 (Red Hat Enterprise Linux 5) - Not affected
Package: libzip (Red Hat Enterprise Linux 6) - Not affected
Package: php (Red Hat Enterprise Linux 6) - Not affected
Package: libzip (Red Hat Enterprise Linux 7) - Not affected
Package: rh-php56-php (Red Hat Software Collections) - Not affected
Package: rh-php70-php (Red Hat Software Collections) - Not affected
Package: rh-php71-php (Red Hat Software Collections) - Not affected
Package: rh-php72-php (Red Hat Software Collections) - Not affected
Package: rh-php73-php (Red Hat Software Collections) - Not affected
Debian
CVE-2017-12858: libzip - Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in li...
vendor_debian·2017·CVSS 9.8
CVE-2017-12858 [CRITICAL] CVE-2017-12858: libzip - Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in li...
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-hwrm-p2xq-q6hh: A use-after-free in the _zip_dirent_read function of zip_dirent
ghsa_unreviewed·2022-05-24·CVSS 9.8
CVE-2019-17582 [CRITICAL] CWE-416 GHSA-hwrm-p2xq-q6hh: A use-after-free in the _zip_dirent_read function of zip_dirent
A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."
GHSA
GHSA-qm7q-x8gp-f7m8: Double free vulnerability in the _zip_dirent_read function in zip_dirent
ghsa_unreviewed·2022-05-17
CVE-2017-12858 [CRITICAL] CWE-415 GHSA-qm7q-x8gp-f7m8: Double free vulnerability in the _zip_dirent_read function in zip_dirent
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.
OSV
CVE-2019-17582: A use-after-free in the _zip_dirent_read function of zip_dirent
osv·2021-02-09·CVSS 9.8
CVE-2019-17582 [CRITICAL] CVE-2019-17582: A use-after-free in the _zip_dirent_read function of zip_dirent
A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."
No detection rules found.
No public exploits indexed.
HackerOne
CVE-2017-12858: Heap UAF in _zip_buffer_free() / Double free in _zip_dirent_read()
hackerone·2019-10-08·CVSS 9.8
CVE-2017-12858 [CRITICAL] CVE-2017-12858: Heap UAF in _zip_buffer_free() / Double free in _zip_dirent_read()
libzip is a C library for reading, creating, and modifying zip archives. A partial list of projects using libzip includes: [Plex Home Theater](https://support.plex.tv/hc/en-us/articles/204096476-License-Information), MySQL Workbench, ckmame, fuse-zip, lua-zip, **php zip extension**, zipruby, Endeavour2, FreeDink, DeaDBeeF (vfs_zip plugin), OpenLierox, ebook-tools, PDF Expert, ReaddleDocs, simple basic C++ wrapper for libzip, libzip++ - safe and modern c++14 wrapper around libzip, **Adobe (e.g., in Edge)**, PureBasic (ZipPacker), freebasic (ExtLibZip), Mercedes (S-Class), Kerkythea, G3D Innovation Engine, D'Fusion Studio, odt2tex - Libre/OpenOffice to LaTeX converter, *Kobo eReader*, Kchmviewer, **Yubikey NEO
Bugzilla
CVE-2017-12858 libzip: Double free in _zip_dirent_read function in zip_dirent.c
bugzilla·2017-08-23·CVSS 9.8
CVE-2017-12858 [CRITICAL] CVE-2017-12858 libzip: Double free in _zip_dirent_read function in zip_dirent.c
Double free vulnerability in the _zip_dirent_read function in
zip_dirent.c in libzip allows attackers to have unspecified impact via
unknown vectors.
Upstream patch:
https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796
Discussion:
Created libzip tracking bugs for this issue:
Affects: fedora-all [bug 1484515]
Created mingw-libzip tracking bugs for this issue:
Affects: fedora-all [bug 1484516]
---
The affected code was introduced via this commit in libzip version 1.2.0:
https://github.com/nih-at/libzip/commit/796c5968ad679220db3fb65ec6f48c66e554e5d5
The commit fixing the issue that is linked from comment 0 was applied in libzip version 1.3.0.
Bugzilla
CVE-2017-12858 mingw-libzip: libzip: Double free in _zip_dirent_read function in zip_dirent.c [fedora-all]
bugzilla·2017-08-23·CVSS 9.8
CVE-2017-12858 [CRITICAL] CVE-2017-12858 mingw-libzip: libzip: Double free in _zip_dirent_read function in zip_dirent.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affect
Bugzilla
CVE-2017-12858 libzip: Double free in _zip_dirent_read function in zip_dirent.c [fedora-all]
bugzilla·2017-08-23·CVSS 9.8
CVE-2017-12858 [CRITICAL] CVE-2017-12858 libzip: Double free in _zip_dirent_read function in zip_dirent.c [fedora-all]
NOTE: this issue affects multiple sup