Lucene search

Gentoo FoundationMGASA-2024-0167

HistoryMay 09, 2024 - 5:40 a.m.

Updated zziplib packages fix security vulnerability

2024-05-0905:40:29

Gentoo Foundation

advisories.mageia.org

zziplib

security

vulnerability

denial-of-service

package fix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

EPSS

Percentile

12.7%

JSON

An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. (CVE-2020-18770)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchzziplib< 0.13.72-2.1zziplib-0.13.72-2.1.mga9

OS	Version	Architecture	Package	Version	Filename
Mageia	9	noarch	zziplib	< 0.13.72-2.1	zziplib-0.13.72-2.1.mga9

References

bugs.mageia.org/show_bug.cgi?id=33169

lwn.net/Articles/971664/

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

EPSS

Percentile

12.7%

JSON

Related for MGASA-2024-0167