CVE-2020-18442

Published: 18 June 2021

Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".

Priority: Low

CVSS 3 Severity Score: 3.3


Status

Package: zziplib
Release Status
trusty Does not exist
groovy Ignored (end of life)
hirsute Ignored (end of life)
upstream Released (0.13.72+dfsg.1-1)
kinetic Ignored (end of life, was needs-triage)
bionic Released (0.13.62-3.1ubuntu0.18.04.1+esm1), available with Ubuntu Pro or Ubuntu Pro (Infra-only)
focal Released (0.13.62-3.2ubuntu1.1)
xenial Released (0.13.62-3ubuntu0.16.04.2+esm1), available with Ubuntu Pro or Ubuntu Pro (Infra-only)
impish Ignored (end of life)
lunar Not vulnerable (0.13.72+dfsg.1-1.1)
jammy Not vulnerable (0.13.72+dfsg.1-1.1)

Patches:
upstream: https://github.com/gdraheim/zziplib/commit/ac9ae39ef419e9f0f83da1e583314d8c7cda34a6
upstream: https://github.com/gdraheim/zziplib/commit/7e786544084548da7fcfcd9090d3c4e7f5777f7e
upstream: https://github.com/gdraheim/zziplib/commit/d453977f59ca59c61bf59dec28dd724498828f2a
upstream: https://github.com/gdraheim/zziplib/commit/0a9db9ded9d15fbdb63bf5cf451920d0a368c00e
upstream: https://github.com/gdraheim/zziplib/commit/a34a96fbda1e58fbec5c79f4c0b5063e031ce11d
upstream: https://github.com/gdraheim/zziplib/commit/fa1f78abe1b08544061204019016809664f2618c
upstream: https://github.com/gdraheim/zziplib/commit/f7a6fa9f0c29aecb4c2299568ed2e6094c34aca7

Severity score breakdown

Parameter Value
Base score 3.3
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact Low
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L