Main Vulnerability Database Vulnerabilities #VU33026

Buffer overflow - CVE-2018-1000637

Published: August 20, 2018 / Updated: August 3, 2020

Vulnerability identifier: #VU33026

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-1000637

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2.

How to mitigate CVE-2018-1000637

Install update from vendor's website.

Sources

https://bugs.debian.org/904819
https://lists.debian.org/debian-lts-announce/2018/09/msg00016.html
https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html

Buffer overflow - CVE-2018-1000637

Detailed vulnerability description

How to mitigate CVE-2018-1000637

Sources

Please verify you're human