Lucene search
Veracode Vulnerability DatabaseVERACODE:3634HistoryMar 02, 2017 - 2:47 a.m.
Denial Of Service (DoS) Through Heap-based Buffer Overflow
2017-03-0202:47:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.002 Low
EPSS
Percentile
52.6%
zziplib is vulnerable to denial of service (DoS) attacks. Attackers can trigger heap-based buffer overflow through a ZIP file in the __zzip_get32 function in fetch.c.
References
www.debian.org/security/2017/dsa-3878
www.openwall.com/lists/oss-security/2017/02/14/3
www.securityfocus.com/bid/96268
blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/
github.com/asarubbo/poc/blob/master/00150-zziplib-heapoverflow-__zzip_get32
www.openwall.com/lists/oss-security/2017/02/14/3
Related
redhatcve
redhatcve
CVE-2017-5974
2017-02-15 13:21:05
prion
prion
Heap overflow
2017-03-01 15:59:00
debiancve
debiancve
CVE-2017-5974
2017-03-01 15:59:01
ubuntucve
ubuntucve
CVE-2017-5974
2017-03-01 00:00:00
osv
osv
CVE-2017-5974
2017-03-01 15:59:01
zziplib - security update
2017-06-20 00:00:00
zziplib - security update
2017-06-12 00:00:00
cvelist
cvelist
CVE-2017-5974
2017-03-01 15:00:00
cve
cve
CVE-2017-5974
2017-03-01 15:59:01
alpinelinux
alpinelinux
CVE-2017-5974
2017-03-01 15:59:01
nvd
nvd
CVE-2017-5974
2017-03-01 15:59:01
nessus
nessus
Fedora 28 : zziplib (2018-237e9b550c)
2019-01-03 00:00:00
Debian DLA-994-1 : zziplib security update
2017-06-21 00:00:00
Debian DSA-3878-1 : zziplib - security update
2017-06-13 00:00:00
archlinux
archlinux
[ASA-201705-15] zziplib: multiple issues
2017-05-12 00:00:00
debian
debian
[SECURITY] [DLA 994-1] zziplib security update
2017-06-20 20:23:15
[SECURITY] [DSA 3878-1] zziplib security update
2017-06-12 18:53:17
openvas
openvas
Debian Security Advisory DSA 3878-1 (zziplib - security update)
2017-06-12 00:00:00
Ubuntu: Security Advisory (USN-3320-1)
2017-06-16 00:00:00
Debian: Security Advisory (DLA-994-1)
2018-01-28 00:00:00
ubuntu
ubuntu
zziplib vulnerabilities
2017-06-15 00:00:00
mageia
mageia
Updated zziplib packages fix security vulnerability
2017-06-10 02:05:58
rosalinux
rosalinux
Advisory ROSA-SA-2021-2006
2021-07-02 18:22:50
fedora
fedora
[SECURITY] Fedora 28 Update: zziplib-0.13.69-1.fc28
2018-07-31 18:06:22
freebsd
freebsd
zziplib - multiple vulnerabilities
2017-03-01 00:00:00