ID CVE-2018-6540
Summary In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
References
Vulnerable Configurations
  • cpe:2.3:a:zziplib_project:zziplib:0.13.67
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 17.10
    cpe:2.3:o:canonical:ubuntu_linux:17.10
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-399
CAPEC
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0548-1.NASL
    description This update for zziplib fixes the following issues: Version update to 0.13.67 contains lots of bug- and security fixes.
      - If an extension block is too small to hold an extension, do not use the information therein.
      - CVE-2018-6540: If the End of central directory record (EOCD) contains an Offset of start of central directory which is beyond the end of the file, reject the file. (bsc#1079096)
      - CVE-2018-6484: Reject the ZIP file and report it as corrupt if the size of the central directory and/or the offset of start of central directory point beyond the end of the ZIP file. (bsc#1078701)
      - CVE-2018-6381: If a file is uncompressed, compressed and uncompressed sizes should be identical. (bsc#1078497)
      Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 107054
    published 2018-02-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107054
    title SUSE SLED12 Security Update : zziplib (SUSE-SU-2018:0548-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-215.NASL
    description This update for zziplib to 0.13.67 contains multiple bug and security fixes:
      - If an extension block is too small to hold an extension, do not use the information therein.
      - CVE-2018-6540: If the End of central directory record (EOCD) contains an Offset of start of central directory which is beyond the end of the file, reject the file. (bsc#1079096)
      - CVE-2018-6484: Reject the ZIP file and report it as corrupt if the size of the central directory and/or the offset of start of central directory point beyond the end of the ZIP file. (bsc#1078701)
      - CVE-2018-6381: If a file is uncompressed, compressed and uncompressed sizes should be identical. (bsc#1078497)
      This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-02-28
    plugin id 107049
    published 2018-02-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107049
    title openSUSE Security Update : zziplib (openSUSE-2018-215)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3699-1.NASL
    description It was discovered that zziplib incorrectly handled certain malformed ZIP files. If a user or automated system were tricked into opening a specially crafted ZIP file, a remote attacker could cause zziplib to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110921
    published 2018-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110921
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : zziplib vulnerabilities (USN-3699-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7764B219814811E8AA4D000E0CD7B374.NASL
    description NIST reports (by search in the range 2017/01/01 - 2018/07/06): 17 security fixes in this release:
      - Heap-based buffer overflow in the __zzip_get32 function in fetch.c.
      - Heap-based buffer overflow in the __zzip_get64 function in fetch.c.
      - Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c.
      - The zzip_mem_entry_new function in memdisk.c allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file.
      - The prescan_entry function in fseeko.c allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted ZIP file.
      - The zzip_mem_entry_new function in memdisk.c cause a NULL pointer dereference and crash via a crafted ZIP file.
      - seeko.c cause a denial of service (assertion failure and crash) via a crafted ZIP file.
      - A segmentation fault caused by invalid memory access in the zzip_disk_fread function because the size variable is not validated against the amount of file->stored data.
      - A memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c.
      - A bus error caused by loading of a misaligned address in the zzip_disk_findfirst function.
      - An uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function.
      - An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c.
      - A memory leak triggered in the function zzip_mem_disk_new in memdisk.c.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110969
    published 2018-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110969
    title FreeBSD : zziplib - multiple vulnerabilities (7764b219-8148-11e8-aa4d-000e0cd7b374)
refmap via4
misc https://github.com/gdraheim/zziplib/issues/15
ubuntu USN-3699-1
Last major update 02-02-2018 - 04:29
Published 02-02-2018 - 04:29
Last modified 05-03-2019 - 09:04