Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for libzip by nih
CVE-2015-2331 (GCVE-0-2015-2331)
Vulnerability from nvd – Published: 2015-03-30 10:00 – Updated: 2024-08-06 05:10
VLAI
Summary
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
21 references
Date Public
2015-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:16.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3198",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5"
},
{
"name": "openSUSE-SU-2015:0615",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00083.html"
},
{
"name": "HPSBMU03409",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"name": "openSUSE-SU-2015:0644",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html"
},
{
"name": "FEDORA-2015-4699",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155622.html"
},
{
"name": "FEDORA-2015-4556",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155299.html"
},
{
"name": "APPLE-SA-2015-09-30-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "HPSBMU03380",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"name": "MDVSA-2015:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:079"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "SSRT102066",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
},
{
"name": "FEDORA-2015-4559",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153983.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205267"
},
{
"name": "FEDORA-2015-4565",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154266.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=69253"
},
{
"name": "FEDORA-2015-4669",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154276.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.nih.at/libzip/rev/9f11d54f692e"
},
{
"name": "FEDORA-2015-4553",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154666.html"
},
{
"name": "1031985",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031985"
},
{
"name": "HPSBUX03337",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3198",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5"
},
{
"name": "openSUSE-SU-2015:0615",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00083.html"
},
{
"name": "HPSBMU03409",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"name": "openSUSE-SU-2015:0644",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html"
},
{
"name": "FEDORA-2015-4699",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155622.html"
},
{
"name": "FEDORA-2015-4556",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155299.html"
},
{
"name": "APPLE-SA-2015-09-30-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "HPSBMU03380",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"name": "MDVSA-2015:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:079"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "SSRT102066",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
},
{
"name": "FEDORA-2015-4559",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153983.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205267"
},
{
"name": "FEDORA-2015-4565",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154266.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=69253"
},
{
"name": "FEDORA-2015-4669",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154276.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.nih.at/libzip/rev/9f11d54f692e"
},
{
"name": "FEDORA-2015-4553",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154666.html"
},
{
"name": "1031985",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031985"
},
{
"name": "HPSBUX03337",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3198",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3198"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5"
},
{
"name": "openSUSE-SU-2015:0615",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00083.html"
},
{
"name": "HPSBMU03409",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"name": "openSUSE-SU-2015:0644",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html"
},
{
"name": "FEDORA-2015-4699",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155622.html"
},
{
"name": "FEDORA-2015-4556",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155299.html"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "HPSBMU03380",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"name": "MDVSA-2015:079",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:079"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "SSRT102066",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
},
{
"name": "FEDORA-2015-4559",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153983.html"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "FEDORA-2015-4565",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154266.html"
},
{
"name": "https://bugs.php.net/bug.php?id=69253",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=69253"
},
{
"name": "FEDORA-2015-4669",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154276.html"
},
{
"name": "http://hg.nih.at/libzip/rev/9f11d54f692e",
"refsource": "CONFIRM",
"url": "http://hg.nih.at/libzip/rev/9f11d54f692e"
},
{
"name": "FEDORA-2015-4553",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154666.html"
},
{
"name": "1031985",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031985"
},
{
"name": "HPSBUX03337",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2331",
"datePublished": "2015-03-30T10:00:00.000Z",
"dateReserved": "2015-03-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:10:16.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1163 (GCVE-0-2012-1163)
Vulnerability from nvd – Published: 2012-07-12 20:00 – Updated: 2024-09-17 00:26
VLAI
Summary
Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://nih.at/listarchive/libzip-discuss/msg00252.html | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/03/21/2 | mailing-listx_refsource_MLIST |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.nih.at/libzip/NEWS.html | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/0… | mailing-listx_refsource_MLIST |
| http://www.gentoo.org/security/en/glsa/glsa-20120… | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:35.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"
},
{
"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"
},
{
"name": "MDVSA-2012:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nih.at/libzip/NEWS.html"
},
{
"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"
},
{
"name": "GLSA-201203-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers \"improper restrictions of operations within the bounds of a memory buffer\" and an information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-12T20:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"
},
{
"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"
},
{
"name": "MDVSA-2012:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nih.at/libzip/NEWS.html"
},
{
"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"
},
{
"name": "GLSA-201203-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers \"improper restrictions of operations within the bounds of a memory buffer\" and an information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release",
"refsource": "MLIST",
"url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"
},
{
"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"
},
{
"name": "MDVSA-2012:034",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"
},
{
"name": "http://www.nih.at/libzip/NEWS.html",
"refsource": "CONFIRM",
"url": "http://www.nih.at/libzip/NEWS.html"
},
{
"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"
},
{
"name": "GLSA-201203-23",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1163",
"datePublished": "2012-07-12T20:00:00.000Z",
"dateReserved": "2012-02-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:26:22.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1162 (GCVE-0-2012-1162)
Vulnerability from nvd – Published: 2012-07-12 20:00 – Updated: 2024-09-16 20:37
VLAI
Summary
Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://nih.at/listarchive/libzip-discuss/msg00252.html | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/03/21/2 | mailing-listx_refsource_MLIST |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.nih.at/libzip/NEWS.html | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/0… | mailing-listx_refsource_MLIST |
| http://www.gentoo.org/security/en/glsa/glsa-20120… | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:35.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"
},
{
"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"
},
{
"name": "MDVSA-2012:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nih.at/libzip/NEWS.html"
},
{
"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"
},
{
"name": "GLSA-201203-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an \"incorrect loop construct.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-12T20:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"
},
{
"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"
},
{
"name": "MDVSA-2012:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nih.at/libzip/NEWS.html"
},
{
"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"
},
{
"name": "GLSA-201203-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an \"incorrect loop construct.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release",
"refsource": "MLIST",
"url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"
},
{
"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"
},
{
"name": "MDVSA-2012:034",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"
},
{
"name": "http://www.nih.at/libzip/NEWS.html",
"refsource": "CONFIRM",
"url": "http://www.nih.at/libzip/NEWS.html"
},
{
"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"
},
{
"name": "GLSA-201203-23",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1162",
"datePublished": "2012-07-12T20:00:00.000Z",
"dateReserved": "2012-02-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:08.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2331 (GCVE-0-2015-2331)
Vulnerability from cvelistv5 – Published: 2015-03-30 10:00 – Updated: 2024-08-06 05:10
VLAI
Summary
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
21 references
Date Public
2015-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:16.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3198",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5"
},
{
"name": "openSUSE-SU-2015:0615",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00083.html"
},
{
"name": "HPSBMU03409",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"name": "openSUSE-SU-2015:0644",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html"
},
{
"name": "FEDORA-2015-4699",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155622.html"
},
{
"name": "FEDORA-2015-4556",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155299.html"
},
{
"name": "APPLE-SA-2015-09-30-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "HPSBMU03380",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"name": "MDVSA-2015:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:079"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "SSRT102066",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
},
{
"name": "FEDORA-2015-4559",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153983.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205267"
},
{
"name": "FEDORA-2015-4565",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154266.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=69253"
},
{
"name": "FEDORA-2015-4669",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154276.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.nih.at/libzip/rev/9f11d54f692e"
},
{
"name": "FEDORA-2015-4553",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154666.html"
},
{
"name": "1031985",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031985"
},
{
"name": "HPSBUX03337",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3198",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5"
},
{
"name": "openSUSE-SU-2015:0615",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00083.html"
},
{
"name": "HPSBMU03409",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"name": "openSUSE-SU-2015:0644",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html"
},
{
"name": "FEDORA-2015-4699",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155622.html"
},
{
"name": "FEDORA-2015-4556",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155299.html"
},
{
"name": "APPLE-SA-2015-09-30-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "HPSBMU03380",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"name": "MDVSA-2015:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:079"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "SSRT102066",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
},
{
"name": "FEDORA-2015-4559",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153983.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205267"
},
{
"name": "FEDORA-2015-4565",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154266.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=69253"
},
{
"name": "FEDORA-2015-4669",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154276.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.nih.at/libzip/rev/9f11d54f692e"
},
{
"name": "FEDORA-2015-4553",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154666.html"
},
{
"name": "1031985",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031985"
},
{
"name": "HPSBUX03337",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3198",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3198"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5"
},
{
"name": "openSUSE-SU-2015:0615",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00083.html"
},
{
"name": "HPSBMU03409",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"name": "openSUSE-SU-2015:0644",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html"
},
{
"name": "FEDORA-2015-4699",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155622.html"
},
{
"name": "FEDORA-2015-4556",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155299.html"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "HPSBMU03380",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
},
{
"name": "MDVSA-2015:079",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:079"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "SSRT102066",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
},
{
"name": "FEDORA-2015-4559",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153983.html"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "FEDORA-2015-4565",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154266.html"
},
{
"name": "https://bugs.php.net/bug.php?id=69253",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=69253"
},
{
"name": "FEDORA-2015-4669",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154276.html"
},
{
"name": "http://hg.nih.at/libzip/rev/9f11d54f692e",
"refsource": "CONFIRM",
"url": "http://hg.nih.at/libzip/rev/9f11d54f692e"
},
{
"name": "FEDORA-2015-4553",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154666.html"
},
{
"name": "1031985",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031985"
},
{
"name": "HPSBUX03337",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2331",
"datePublished": "2015-03-30T10:00:00.000Z",
"dateReserved": "2015-03-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:10:16.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1163 (GCVE-0-2012-1163)
Vulnerability from cvelistv5 – Published: 2012-07-12 20:00 – Updated: 2024-09-17 00:26
VLAI
Summary
Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://nih.at/listarchive/libzip-discuss/msg00252.html | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/03/21/2 | mailing-listx_refsource_MLIST |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.nih.at/libzip/NEWS.html | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/0… | mailing-listx_refsource_MLIST |
| http://www.gentoo.org/security/en/glsa/glsa-20120… | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:35.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"
},
{
"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"
},
{
"name": "MDVSA-2012:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nih.at/libzip/NEWS.html"
},
{
"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"
},
{
"name": "GLSA-201203-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers \"improper restrictions of operations within the bounds of a memory buffer\" and an information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-12T20:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"
},
{
"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"
},
{
"name": "MDVSA-2012:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nih.at/libzip/NEWS.html"
},
{
"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"
},
{
"name": "GLSA-201203-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers \"improper restrictions of operations within the bounds of a memory buffer\" and an information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release",
"refsource": "MLIST",
"url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"
},
{
"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"
},
{
"name": "MDVSA-2012:034",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"
},
{
"name": "http://www.nih.at/libzip/NEWS.html",
"refsource": "CONFIRM",
"url": "http://www.nih.at/libzip/NEWS.html"
},
{
"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"
},
{
"name": "GLSA-201203-23",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1163",
"datePublished": "2012-07-12T20:00:00.000Z",
"dateReserved": "2012-02-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:26:22.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1162 (GCVE-0-2012-1162)
Vulnerability from cvelistv5 – Published: 2012-07-12 20:00 – Updated: 2024-09-16 20:37
VLAI
Summary
Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://nih.at/listarchive/libzip-discuss/msg00252.html | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/03/21/2 | mailing-listx_refsource_MLIST |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.nih.at/libzip/NEWS.html | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/0… | mailing-listx_refsource_MLIST |
| http://www.gentoo.org/security/en/glsa/glsa-20120… | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:35.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"
},
{
"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"
},
{
"name": "MDVSA-2012:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nih.at/libzip/NEWS.html"
},
{
"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"
},
{
"name": "GLSA-201203-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an \"incorrect loop construct.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-12T20:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"
},
{
"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"
},
{
"name": "MDVSA-2012:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nih.at/libzip/NEWS.html"
},
{
"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"
},
{
"name": "GLSA-201203-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an \"incorrect loop construct.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release",
"refsource": "MLIST",
"url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"
},
{
"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"
},
{
"name": "MDVSA-2012:034",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"
},
{
"name": "http://www.nih.at/libzip/NEWS.html",
"refsource": "CONFIRM",
"url": "http://www.nih.at/libzip/NEWS.html"
},
{
"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"
},
{
"name": "GLSA-201203-23",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1162",
"datePublished": "2012-07-12T20:00:00.000Z",
"dateReserved": "2012-02-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:08.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}