CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
66.4%
Severity: Medium
Date : 2018-04-04
CVE-ID : CVE-2018-7725 CVE-2018-7726 CVE-2018-7727
Package : zziplib
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-612
The package zziplib before version 0.13.69-1 is vulnerable to denial of
service.
Upgrade to 0.13.69-1.
The problems have been fixed upstream in version 0.13.69.
None.
An out of bounds read was found in function zzip_disk_fread of ZZIPlib
before 0.13.69, when ZZIPlib mem_disk functionality is used. Remote
attackers could leverage this vulnerability to cause a denial of
service via a crafted zip file.
An improper input validation was found in function
__zzip_fetch_disk_trailer of ZZIPlib before 0.13.69, that could lead to
a crash in __zzip_parse_root_directory function of zzip/zip.c. Remote
attackers could leverage this vulnerability to cause a denial of
service via a crafted zip file.
A memory leak was found in unzip-mem.c and unzzip-mem.c of ZZIPlib
before 0.13.69, that could lead to resource exhaustion. Local attackers
could leverage this vulnerability to cause a denial of service via a
crafted zip file.
A remote attacker can cause a denial of service via a specially crafted
zip file.
https://github.com/gdraheim/zziplib/issues/39
https://github.com/gdraheim/zziplib/commit/1ba660b3300d67b8ce9f6b96bbae0b36fa2d6b06
https://github.com/gdraheim/zziplib/issues/41
https://github.com/gdraheim/zziplib/commit/19c9e4dc6c5cf92a38d0d23dbccac6993f9c41be
https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b
https://github.com/gdraheim/zziplib/issues/40
https://github.com/gdraheim/zziplib/commit/83a2da55922f67e07f22048ac9671a44cc0d35c4
https://security.archlinux.org/CVE-2018-7725
https://security.archlinux.org/CVE-2018-7726
https://security.archlinux.org/CVE-2018-7727
github.com/gdraheim/zziplib/commit/19c9e4dc6c5cf92a38d0d23dbccac6993f9c41be
github.com/gdraheim/zziplib/commit/1ba660b3300d67b8ce9f6b96bbae0b36fa2d6b06
github.com/gdraheim/zziplib/commit/83a2da55922f67e07f22048ac9671a44cc0d35c4
github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b
github.com/gdraheim/zziplib/issues/39
github.com/gdraheim/zziplib/issues/40
github.com/gdraheim/zziplib/issues/41
security.archlinux.org/AVG-612
security.archlinux.org/CVE-2018-7725
security.archlinux.org/CVE-2018-7726
security.archlinux.org/CVE-2018-7727
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
66.4%