ID CVE-2019-16892
Summary In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).
References
Vulnerable Configurations
  • cpe:2.3:a:rubyzip_project:rubyzip:-:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:-:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:0.9.5:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:0.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:0.9.7:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:0.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:0.9.8:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:0.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:0.9.9:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.0.0:-:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.0.0:beta1:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.1.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.1.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.1.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.1.3:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.1.4:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.1.5:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.1.6:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.1.7:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.2.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.2.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.2.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.2.3:*:*:*:*:ruby:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyzip_project:rubyzip:1.2.4:*:*:*:*:ruby:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms:5.11:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 28-12-2023 - 17:04)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  Vector NETWORK
  Complexity MEDIUM
  Authentication NONE
Impact
  Confidentiality NONE
  Integrity NONE
  Availability COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:C
redhat via4
advisories
  • rhsa
    id RHBA-2019:4047
  • rhsa
    id RHSA-2019:4201
rpms
  • cfme-0:5.10.13.1-1.el7cf
  • cfme-amazon-smartstate-0:5.10.13.1-1.el7cf
  • cfme-appliance-0:5.10.13.1-1.el7cf
  • cfme-appliance-common-0:5.10.13.1-1.el7cf
  • cfme-appliance-debuginfo-0:5.10.13.1-1.el7cf
  • cfme-appliance-tools-0:5.10.13.1-1.el7cf
  • cfme-debuginfo-0:5.10.13.1-1.el7cf
  • cfme-gemset-0:5.10.13.1-1.el7cf
  • cfme-gemset-debuginfo-0:5.10.13.1-1.el7cf
  • ruby-0:2.4.9-93.el7cf
  • ruby-debuginfo-0:2.4.9-93.el7cf
  • ruby-devel-0:2.4.9-93.el7cf
  • ruby-doc-0:2.4.9-93.el7cf
  • ruby-irb-0:2.4.9-93.el7cf
  • ruby-libs-0:2.4.9-93.el7cf
  • rubygem-bigdecimal-0:1.3.2-93.el7cf
  • rubygem-did_you_mean-0:1.1.0-93.el7cf
  • rubygem-io-console-0:0.4.6-93.el7cf
  • rubygem-minitest-0:5.10.1-93.el7cf
  • rubygem-net-telnet-0:0.1.1-93.el7cf
  • rubygem-openssl-0:2.0.9-93.el7cf
  • rubygem-power_assert-0:0.4.1-93.el7cf
  • rubygem-psych-0:2.2.2-93.el7cf
  • rubygem-rake-0:12.0.0-93.el7cf
  • rubygem-rdoc-0:5.0.1-93.el7cf
  • rubygem-test-unit-0:3.2.3-93.el7cf
  • rubygem-xmlrpc-0:0.2.1-93.el7cf
  • rubygems-0:2.6.14.4-93.el7cf
  • rubygems-devel-0:2.6.14.4-93.el7cf
  • cfme-0:5.11.1.2-1.el8cf
  • cfme-amazon-smartstate-0:5.11.1.2-1.el8cf
  • cfme-appliance-0:5.11.1.2-1.el8cf
  • cfme-appliance-common-0:5.11.1.2-1.el8cf
  • cfme-appliance-tools-0:5.11.1.2-1.el8cf
  • cfme-gemset-0:5.11.1.2-1.el8cf
  • ovirt-ansible-hosted-engine-setup-0:1.0.28-1.el8ev
  • v2v-conversion-host-ansible-0:1.15.0-1.el8ev
refmap via4
fedora
  • FEDORA-2019-0182d0b304
  • FEDORA-2019-52445dce42
  • FEDORA-2019-8ecd991303
misc https://github.com/rubyzip/rubyzip/pull/403
Last major update 28-12-2023 - 17:04
Published 25-09-2019 - 22:15
Last modified 28-12-2023 - 17:04