CVE-2018-6381 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Zziplib

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 45.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gdraheim Zziplib Debian Zziplib Canonical Ubuntu Linux

Timeline

PublishedJan 29

Latest updateMay 13

Description

In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/zziplib< zziplib 0.13.62-3.2 (bookworm)

▶Debiangdraheim/zziplib< 0.13.62-3.2+3

▶NVDgdraheim/zziplib0.13.67

Also affects: Ubuntu Linux 14.04, 16.04, 17.10, 18.04

🔴Vulnerability Details

GHSA

GHSA-pc5j-427r-h2x3: In ZZIPlib 0↗2022-05-13

▶

OSV

CVE-2018-6381: In ZZIPlib 0↗2018-01-29

▶

📋Vendor Advisories

Ubuntu

zziplib vulnerabilities↗2018-07-03

▶

Red Hat

zziplib: Invalid memory access in the zzip_disk_fread function in zzip/mmapped.c↗2018-01-29

▶

Debian

CVE-2018-6381: zziplib - In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.6...↗2018

▶

💬Community

Bugzilla

CVE-2018-6381 zziplib: Invalid memory access in the zzip_disk_fread function in zzip/mmapped.c [fedora-all]↗2018-01-30

▶

Bugzilla

CVE-2018-6381 zziplib: Invalid memory access in the zzip_disk_fread function in zzip/mmapped.c↗2018-01-30

▶