CVE-2018-7727 — Missing Release of Resource after Effective Lifetime in Zziplib

CWE-772 — Missing Release of Resource after Effective Lifetime9 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 67.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gdraheim Zziplib Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server +2 more

Timeline

PublishedMar 6

Latest updateAug 17

Description

An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶Ubuntugdraheim/zziplib< 0.13.62-3.2ubuntu1.1+2

▶debiandebian/zziplib

▶NVDgdraheim/zziplib0.13.68

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

🔴Vulnerability Details

OSV

zziplib vulnerabilities↗2023-08-17

▶

GHSA

GHSA-4g2g-r89f-8qqm: An issue was discovered in ZZIPlib 0↗2022-05-13

▶

OSV

CVE-2018-7727: An issue was discovered in ZZIPlib 0↗2018-03-06

▶

📋Vendor Advisories

Ubuntu

ZZIPlib vulnerabilities↗2023-08-17

▶

Red Hat

zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial of service via crafted zip↗2018-03-06

▶

Debian

CVE-2018-7727: zziplib - An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in ...↗2018

▶

💬Community

Bugzilla

CVE-2018-7726 CVE-2018-7727 zziplib: various flaws [fedora-all]↗2018-03-13

▶

Bugzilla

CVE-2018-7727 zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial of service via crafted zip↗2018-03-13

▶