CVE-2018-13410 - Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a den

CVE-2018-13410

Summary

Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands

References

http://seclists.org/fulldisclosure/2018/Jul/24

Vulnerable Configurations

cpe:2.3:a:info-zip_project:zip:3.0:*:*:*:*:*:*:*
cpe:2.3:a:info-zip_project:zip:3.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-04-2024 - 01:00)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

misc

http://seclists.org/fulldisclosure/2018/Jul/24

Last major update

11-04-2024 - 01:00

Published

06-07-2018 - 19:29

Last modified

11-04-2024 - 01:00