Fedora 28 update for zziplib

1) Heap-based buffer overflow

EUVDB-ID: #VU33256

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-5974

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62. A remote attacker can use a crafted ZIP file. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

zziplib: before 0.13.69-1.fc28

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:zziplib:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-237e9b550c

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU33257

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-5975

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62. A remote attacker can use a crafted ZIP file. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

zziplib: before 0.13.69-1.fc28

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:zziplib:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-237e9b550c

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

EUVDB-ID: #VU33258

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-5976

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62. A remote attacker can use a crafted ZIP file. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

zziplib: before 0.13.69-1.fc28

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:zziplib:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-237e9b550c

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU33259

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-5977

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

zziplib: before 0.13.69-1.fc28

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:zziplib:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-237e9b550c

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU33260

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-5978

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

zziplib: before 0.13.69-1.fc28

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:zziplib:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-237e9b550c

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU33261

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-5979

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted ZIP file.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

zziplib: before 0.13.69-1.fc28

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:zziplib:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-237e9b550c

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) NULL pointer dereference

EUVDB-ID: #VU39597

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-5980

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted ZIP file.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

zziplib: before 0.13.69-1.fc28

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:zziplib:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-237e9b550c

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Reachable Assertion

EUVDB-ID: #VU33262

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-5981

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

zziplib: before 0.13.69-1.fc28

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:zziplib:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-237e9b550c

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory corruption

EUVDB-ID: #VU11085

Risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-7726

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the __zzip_parse_root_directory function due to boundary error. A local attacker can supply a specially crafted .zip file to be processed, trigger a bus error and cause the service to crash.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

zziplib: before 0.13.69-1.fc28

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:zziplib:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-237e9b550c

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Memory corruption

EUVDB-ID: #VU11083

Risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-7727

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the zzip_mem_disk_new function due to boundary error. A local attacker can send a specially crafted input, trigger memory leaks and cause the service to crash.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

zziplib: before 0.13.69-1.fc28

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:zziplib:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-237e9b550c

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) Memory corruption

EUVDB-ID: #VU11557

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6541

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in __zzip_fetch_disk_trailer in zzip/zip.c due to bus error caused by loading of a misaligned address when handling disk64_trailer local entries. A remote attacker can submit a specially crafted zip file, trigger memory corruption and cause the service to crash.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

zziplib: before 0.13.69-1.fc28

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:zziplib:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-237e9b550c

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.