CVE-2017-5981 : seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service

seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file.

Published 2017-03-01 15:59:01

Updated 2019-10-03 00:03:26

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2017-5981

Zziplib Project » Zziplib » Version: 0.13.62
cpe:2.3:a:zziplib_project:zziplib:0.13.62:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.45%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 61 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Assigned by: nvd@nist.gov (Primary)

http://www.securityfocus.com/bid/96268

ZZIPlib Multiple Heap Buffer Overflow and Denial of Service Vulnerabilites

CVEs referencing this url
https://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/

zziplib: assertion failure in seeko.c | agostino's blog
Exploit;Third Party Advisory
http://www.debian.org/security/2017/dsa-3878

Debian -- Security Information -- DSA-3878-1 zziplib

CVEs referencing this url

Jump to