221 matches found

Tenable Nessus
added 2024/05/11 12:0 a.m. · 28 views

RHEL 7 : libzip (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libzip: Memory allocation failure in _zip_cdir_grow function (CVE-2017-14107) Note that Nessus has not tested for this...

6.4 AI score · 0.032 EPSS
Exploits: 0 · References: 1

VulnCheck KEV
added 2024/05/06 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2015-2331

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly...

7.5 CVSS · 6.8 AI score · 0.27869 EPSS
Exploits: 1 · References: 1

Oracle linux
added 2023/10/23 12:0 a.m. · 78 views

php:8.0 security update

libzip php 8.0.30-1 - rebase to 8.0.30 - Resolves: RHEL-11946 php-pear php-pecl-apcu php-pecl-rrd php-pecl-xdebug3 php-pecl-zip...

7.5 CVSS · 9.7 AI score · 0.08003 EPSS
Exploits: 6

Tenable Nessus
added 2023/10/16 12:0 a.m. · 14 views

Ubuntu 16.04 ESM / 18.04 ESM : libzip vulnerability (USN-4811-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4811-1 advisory. It was discovered that libzip mishandled certain malformed ZIP archives. A remote attacker could use this vulnerability to cause a denial of service...

6.5 CVSS · 5.8 AI score · 0.032 EPSS
Exploits: 0 · References: 2

Oracle linux
added 2023/05/24 12:0 a.m. · 116 views

php:7.4 security update

libzip 1.6.1-1 - update to 1.6.1 - enable lzma support 1.5.2-1 - update to 1.5.2 - add all explicit cmake options to ensure openssl is used even in local build with other libraries available 1.5.1-1 - update to 1.5.1 - drop dependency on zlib-devel and bzip2-devel no more referenced in libzip.pc...

9.8 CVSS · 8 AI score · 0.99998 EPSS
Exploits: 124

SUSE CVE
added 2023/02/15 5:48 a.m. · 1 views

SUSE CVE-2012-1162

Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct."...

7.5 CVSS · 8.2 AI score · 0.04024 EPSS
Exploits: 2 · References: 4

SUSE CVE
added 2023/02/15 5:48 a.m. · 2 views

SUSE CVE-2012-1163

Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an...

6.8 CVSS · 8.1 AI score · 0.02575 EPSS
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 5:20 a.m. · 2 views

SUSE CVE-2015-2331

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute...

7.5 CVSS · 8.4 AI score · 0.27869 EPSS
Exploits: 1 · References: 5

SUSE CVE
added 2023/02/15 4:41 a.m. · 2 views

SUSE CVE-2017-12858

Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors...

5.3 CVSS · 7.3 AI score · 0.03703 EPSS
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 4:39 a.m. · 1 views

SUSE CVE-2017-14107

The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive...

6.5 CVSS · 6.8 AI score · 0.032 EPSS
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 4:7 a.m. · 3 views

SUSE CVE-2019-17582

A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."...

9.8 CVSS · 7 AI score · 0.02451 EPSS
Exploits: 0 · References: 3

OpenVAS
added 2023/01/27 12:0 a.m. · 8 views

Ubuntu: Security Advisory (USN-4811-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

6.5 CVSS · 6.8 AI score · 0.032 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/01/25 12:0 a.m. · 4 views

PT-2023-35773 · Git +1 · Libzip

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free error, which occurs when the program attempts to access memory that has already been freed. The crash state...

6.9 AI score
Exploits: 0 · References: 2

Oracle linux
added 2022/11/15 12:0 a.m. · 30 views

php:8.0 security, bug fix, and enhancement update

libzip 1.7.3-1 - update to 1.7.3 php-pecl-apcu 5.1.20-1 - update to 5.1.20 php-pecl-rrd 2.0.3-1 - update to 2.0.3 php-pecl-xdebug3 3.1.2-1 - update to 3.1.2 rhbz2030322...

9.8 CVSS · 0.7 AI score · 0.03437 EPSS
Exploits: 2

Oracle linux
added 2022/11/15 12:0 a.m. · 46 views

php:7.4 security, bug fix, and enhancement update

libzip 1.6.1-1 - update to 1.6.1 - enable lzma support php 7.4.30-1 - rebase to 7.4.30 2099615 7.4.19-3 - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 7.4.19-2 - fix SSRF bypass in FILTER_VALIDATE_URL CVE-2021-21705 - fix Local privilege escalation via...

9.8 CVSS · 4.1 AI score · 0.73377 EPSS
Exploits: 6

Tenable Nessus
added 2022/11/09 12:0 a.m. · 29 views

CentOS 8 : php:8.0 (CESA-2022:7624)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7624 advisory. - php: Use after free due to php_filter_float() failing for ints (CVE-2021-21708) - php: Uninitialized array in pg_query_params() leading to RCE (CVE-2022-31625)...

9.8 CVSS · 7.7 AI score · 0.03437 EPSS
Exploits: 2 · References: 3

Rockylinux
added 2022/11/08 6:25 a.m. · 44 views

php:7.4 security, bug fix, and enhancement update

An update is available for php-pear, php-pecl-rrd, php, php-pecl-apcu, php-pecl-xdebug, libzip, php-pecl-zip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PHP...

9.8 CVSS · 8.5 AI score · 0.73377 EPSS
Exploits: 2

BDU FSTEC
added 2022/09/23 12:0 a.m. · 6 views

The vulnerability of the _zip_read_eocd64 function in the zip_open.c component of the Libzip library allows an attacker to cause a service failure.

The vulnerability of the _zip_read_eocd64 function in the zip_open.c component of the Libzip library (library for working with Zip archives) is related to the allocation of unlimited memory. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

7.1 CVSS · 6.2 AI score · 0.032 EPSS
Exploits: 0 · References: 9 · Affected Software: 3

Rockylinux
added 2022/06/30 9:27 p.m. · 64 views

php:8.0 security update

An update is available for php-pear, php-pecl-rrd, php, php-pecl-apcu, libzip, php-pecl-xdebug3, php-pecl-zip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PH...

8.8 CVSS · 9 AI score · 0.5838 EPSS
Exploits: 2

Rockylinux
added 2022/05/17 7:2 a.m. · 14 views

new packages: libzip

An update is available for libzip. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...

1.7 AI score
Exploits: 0