CVSS2 metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |

EPSS percentile: 99.4%

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip
0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39,
5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows
remote attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a ZIP archive that contains many
entries, leading to a heap-based buffer overflow.
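
The bug class described above, as an added example that is not libzip's or PHP's code: an attacker-controlled 64-bit entry count is multiplied by a record size, the product wraps, and the allocation ends up smaller than the loop that fills it expects. `struct entry`, `unchecked_bytes`, `checked_bytes` and `entries_new` are hypothetical names chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-entry record; a stand-in, not libzip's structure. */
struct entry {
    uint64_t offset;
    uint64_t size;
    char *name;
};

/* Unchecked pattern: unsigned multiplication wraps modulo SIZE_MAX + 1,
 * so a huge count yields a tiny byte count and an undersized buffer. */
size_t unchecked_bytes(uint64_t nentry, size_t elem)
{
    return (size_t)nentry * elem;
}

/* Checked pattern: reject the count before multiplying.
 * Returns 0 and stores the byte count in *out, or -1 if it would wrap. */
int checked_bytes(uint64_t nentry, size_t elem, size_t *out)
{
    if (elem == 0 || nentry > SIZE_MAX / elem)
        return -1;
    *out = (size_t)nentry * elem;
    return 0;
}

/* Allocate the entry array for a count read from an untrusted archive.
 * Returns NULL for a zero count, an overflowing count, or malloc failure. */
struct entry *entries_new(uint64_t nentry)
{
    size_t bytes;

    if (nentry == 0 || checked_bytes(nentry, sizeof(struct entry), &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    /* Constructed input: the smallest count whose byte size wraps. */
    uint64_t n = (uint64_t)(SIZE_MAX / sizeof(struct entry)) + 1;

    printf("unchecked size for %llu entries: %zu bytes\n",
           (unsigned long long)n, unchecked_bytes(n, sizeof(struct entry)));
    printf("checked allocation: %s\n", entries_new(n) ? "allocated" : "rejected");
    return 0;
}
```
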
Author | Note |
---|---|
mdeslaur | libzip in trusty and earlier doesn’t support ZIP64, so doesn’t look vulnerable. php5 in utopic and earlier doesn’t support ZIP64 either. |
sbeattie | fixed in libzip 1.0 release |