Lucene search

[email protected]CVE-2012-1162

HistoryJul 12, 2012 - 8:55 p.m.

CVE-2012-1162

2012-07-1220:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-1162

buffer overflow

libzip

remote code execution

nvd

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.1%

JSON

Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an “incorrect loop construct.”

CPENameOperatorVersion
nih:libzipnih libzipeq0.10

CPE	Name	Operator	Version
nih:libzip	nih libzip	eq	0.10

References

nih.at/listarchive/libzip-discuss/msg00252.html

www.gentoo.org/security/en/glsa/glsa-201203-23.xml

www.mandriva.com/security/advisories?name=MDVSA-2012:034

www.nih.at/libzip/NEWS.html

www.openwall.com/lists/oss-security/2012/03/21/2

www.openwall.com/lists/oss-security/2012/03/29/11

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.1%

JSON

Related for CVE-2012-1162

ubuntucve1 prion1 debiancve1 seebug1 nessus4 securityvulns3 openvas6 fedora1 gentoo1