Lucene search

[email protected]CVE-2008-0888

HistoryMar 17, 2008 - 9:44 p.m.

CVE-2008-0888

2008-03-1721:44:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-0888

needbits

inflate_dynamic

unzip

denial of service

code execution

remote attackers

nvd

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.072 Low

EPSS

Percentile

94.0%

JSON

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

CPENameOperatorVersion
info-zip:unzipinfo-zip unzipeq*

CPE	Name	Operator	Version
info-zip:unzip	info-zip unzip	eq	*

References

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html

secunia.com/advisories/29392

secunia.com/advisories/29406

secunia.com/advisories/29415

secunia.com/advisories/29427

secunia.com/advisories/29432

secunia.com/advisories/29440

secunia.com/advisories/29495

secunia.com/advisories/29681

secunia.com/advisories/30535

secunia.com/advisories/31204

security.gentoo.org/glsa/glsa-200804-06.xml

support.apple.com/kb/HT4077

wiki.rpath.com/Advisories:rPSA-2008-0116

wiki.rpath.com/wiki/Advisories:rPSA-2008-0116

www.debian.org/security/2008/dsa-1522

www.ipcop.org/index.php?name=News&file=article&sid=40

www.mandriva.com/en/security/advisories?name=MDVSA-2008:068

www.redhat.com/support/errata/RHSA-2008-0196.html

www.securityfocus.com/archive/1/489967/100/0/threaded

www.securityfocus.com/archive/1/493080/100/0/threaded

www.securityfocus.com/bid/28288

www.securitytracker.com/id?1019634

www.ubuntu.com/usn/usn-589-1

www.vmware.com/security/advisories/VMSA-2008-0009.html

www.vupen.com/english/advisories/2008/0913/references

www.vupen.com/english/advisories/2008/1744

exchange.xforce.ibmcloud.com/vulnerabilities/41246

issues.rpath.com/browse/RPL-2317

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9733

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.072 Low

EPSS

Percentile

94.0%

JSON

Related for CVE-2008-0888

openvas18 redhat1 nessus10 prion1 securityvulns5 osv1 ubuntucve1 ubuntu1 cbl_mariner3 debian1 debiancve1 seebug1 centos2 gentoo1 vmware2 threatpost1