The vulnerability of the `__zzip_parse_root_directory` function in the ZZIPlib compression library, related to the occurrence of operations outside the buffer’s boundaries, allows a hacker to trigger a service failure.

🗓️ 27 Feb 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Vulnerability in __zzip_parse_root_directory of ZZIPlib enables out-of-bounds memory access.

Reporter	Title	Published	Views	Family All 63
FreeBSD	zziplib - multiple vulnerabilities	1 Mar 201700:00	–	freebsd
Tenable Nessus	Amazon Linux 2 : zziplib (ALAS-2019-1142)	10 Jan 201900:00	–	nessus
Tenable Nessus	CentOS 7 : zziplib (CESA-2018:3229)	16 Nov 201800:00	–	nessus
Tenable Nessus	Debian DLA-2258-1 : zziplib security update	29 Jun 202000:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP3 : zziplib (EulerOS-SA-2018-1397)	10 Dec 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : zziplib (EulerOS-SA-2018-1423)	28 Dec 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : zziplib (EulerOS-SA-2019-2236)	8 Nov 201900:00	–	nessus
Tenable Nessus	Fedora 28 : zziplib (2018-237e9b550c)	3 Jan 201900:00	–	nessus
Tenable Nessus	FreeBSD : zziplib - multiple vulnerabilities (7764b219-8148-11e8-aa4d-000e0cd7b374)	10 Jul 201800:00	–	nessus
Tenable Nessus	MiracleLinux 7 : zziplib-0.13.62-9.el7 (AXSA:2018-3426:01)	16 Jan 202600:00	–	nessus

Vulners

Node

guido_u._draheim zziplibRange<0.13.69

OR

red_hat red_hat_enterprise_linuxMatch7

OR

canonical ubuntuMatch17.10

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-7726
security-tracker	www.security-tracker.debian.org/tracker/CVE-2018-7726
github	www.github.com/gdraheim/zziplib/issues/41
access	www.access.redhat.com/errata/RHSA-2018:3229
usn	www.usn.ubuntu.com/3699-1/
wiki	www.wiki.astralinux.ru/pages/viewpage.action
web	www.web.nvd.nist.gov/view/vuln/detail

27 Feb 2020 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 36.5

CVSS 27.1

EPSS0.00498

zzip parse root zzip library vulnerability memory access error