rpm package
suse/zziplib&distro=SUSE Linux Enterprise Module for Basesystem 15
pkg:rpm/suse/zziplib&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-17828 | Med | 5.5 | < 0.13.69-3.3.1 | 0.13.69-3.3.1 | Oct 1, 2018 | Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file. | |
| CVE-2018-16548 | Med | 6.5 | < 0.13.69-3.10.1 | 0.13.69-3.10.1 | Sep 5, 2018 | An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. |
- affected < 0.13.69-3.3.1fixed 0.13.69-3.3.1
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.
- affected < 0.13.69-3.10.1fixed 0.13.69-3.10.1
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.