CVSS3 : 5.5 Medium (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVSS2 : 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:N/A:P)
EPSS : 0.006 Low (percentile 78.0%)

Severity: Medium
Date : 2018-01-18
CVE-ID : CVE-2017-5977 CVE-2017-5978
Package : zziplib
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-273

The package zziplib before version 0.13.67-1 is vulnerable to denial of
service.

Upgrade to 0.13.67-1.

The problems have been fixed upstream in version 0.13.67.

None.

The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62
allows remote attackers to cause a denial of service (invalid memory
read and crash) via a crafted ZIP file.

The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows
remote attackers to cause a denial of service (out-of-bounds read and
crash) via a crafted ZIP file.

A remote attacker is able to use a specially crafted zip archive to
crash the application.

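
Both descriptions above concern reads past the end of a buffer while parsing metadata from an untrusted ZIP file. The following is an added example, not zziplib's code and not the upstream fix: a bounds-checked walk over a ZIP extra-field area, where each block is a 2-byte id, a 2-byte data size, then the data. The names `rd16` and `extra_find` and both byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a little-endian 16-bit value; the caller guarantees 2 readable bytes. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/*
 * Find the extra-field block with header id `id` inside buf[0..len).
 * Returns a pointer to the block data and stores its size in *out_len.
 * Returns NULL if the id is absent, or if a block's declared size would
 * run past the end of the buffer (the archive is then treated as malformed).
 */
const uint8_t *extra_find(const uint8_t *buf, size_t len, uint16_t id, size_t *out_len)
{
    size_t off = 0;                       /* invariant: off <= len */
    while (len - off >= 4) {              /* room for id + size fields */
        uint16_t bid = rd16(buf + off);
        size_t   bsz = rd16(buf + off + 2);
        off += 4;
        if (bsz > len - off)              /* size field comes from the file: never trust it */
            return NULL;
        if (bid == id) { *out_len = bsz; return buf + off; }
        off += bsz;
    }
    return NULL;                          /* not found, or trailing bytes too short for a header */
}

/* Constructed samples: a well-formed area with two blocks, and one whose
 * second block declares 0xFFFF data bytes but only two bytes follow. */
static const uint8_t good[] = { 0x01,0x00, 0x02,0x00, 0xAA,0xBB,
                                0x55,0x54, 0x01,0x00, 0x07 };
static const uint8_t bad[]  = { 0x01,0x00, 0x02,0x00, 0xAA,0xBB,
                                0x55,0x54, 0xFF,0xFF, 0x07,0x08 };

int main(void)
{
    size_t n = 0;
    const uint8_t *p = extra_find(good, sizeof good, 0x5455, &n);
    printf("good: %s\n", p ? "block found" : "rejected");
    p = extra_find(bad, sizeof bad, 0x5455, &n);
    printf("bad:  %s\n", p ? "block found" : "rejected");
    return 0;
}
```
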
https://bugs.archlinux.org/task/53133
http://www.openwall.com/lists/oss-security/2017/02/14/3
https://blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip_mem_entry_extra_block-memdisk-c/
https://github.com/gdraheim/zziplib/commit/9e8f867a976311a3e5fb0184c947e22ec35f2fcb
https://github.com/gdraheim/zziplib/commit/1e5b1ac48186e34e871945769623becfa3650956
https://github.com/gdraheim/zziplib/issues/3
https://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/
https://github.com/gdraheim/zziplib/commit/98403bb3c0661e56a2185777fd244ba3a67bc220
https://security.archlinux.org/CVE-2017-5977
https://security.archlinux.org/CVE-2017-5978