CVE-2018-6542 — Return of Wrong Status Code in Zziplib

CWE-393 — Return of Wrong Status Code7 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 37.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gdraheim Zziplib Debian Zziplib

Timeline

PublishedFeb 2

Latest updateMay 13

Description

In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/zziplib

▶NVDgdraheim/zziplib0.13.67

🔴Vulnerability Details

GHSA

GHSA-66ww-fgg3-pc35: In ZZIPlib 0↗2022-05-13

▶

OSV

CVE-2018-6542: In ZZIPlib 0↗2018-02-02

▶

📋Vendor Advisories

Red Hat

zziplib: bus error in zzip_disk_findfirst function in zzip/mmapped.c↗2018-02-02

▶

Debian

CVE-2018-6542: zziplib - In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek va...↗2018

▶

💬Community

Bugzilla

CVE-2018-6542 zziplib: bus error in zzip_disk_findfirst function in zzip/mmapped.c↗2018-02-05

▶

Bugzilla

CVE-2018-6542 zziplib: zzip_disk_findfirst function of zzip/mmapped.c [fedora-all]↗2018-02-05

▶