rpm package
almalinux/zziplib
pkg:rpm/almalinux/zziplib
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-18770 | — | < 0.13.71-11.el9_4 | 0.13.71-11.el9_4 | Aug 22, 2023 | An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. | ||
| CVE-2020-18442 | — | < 0.13.68-9.el8 | 0.13.68-9.el8 | Jun 18, 2021 | Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". | ||
| CVE-2018-17828 | Med | 5.5 | < 0.13.78-2.el10 | 0.13.78-2.el10 | Oct 1, 2018 | Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file. |
- CVE-2020-18770Aug 22, 2023affected < 0.13.71-11.el9_4fixed 0.13.71-11.el9_4
An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service.
- CVE-2020-18442Jun 18, 2021affected < 0.13.68-9.el8fixed 0.13.68-9.el8
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".
- affected < 0.13.78-2.el10fixed 0.13.78-2.el10
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.