Your submission was sent successfully! Close

CVE-2020-18442

Published: 18 June 2021

Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".

Priority

Low

CVSS 3 base score: 3.3

Status

Package Release Status
zziplib
Launchpad, Ubuntu, Debian
Upstream
Released (0.13.72+dfsg.1-1)
Ubuntu 21.10 (Impish Indri) Needs triage

Ubuntu 21.04 (Hirsute Hippo) Ignored
(reached end-of-life)
Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://github.com/gdraheim/zziplib/commit/ac9ae39ef419e9f0f83da1e583314d8c7cda34a6
Upstream: https://github.com/gdraheim/zziplib/commit/7e786544084548da7fcfcd9090d3c4e7f5777f7e
Upstream: https://github.com/gdraheim/zziplib/commit/d453977f59ca59c61bf59dec28dd724498828f2a
Upstream: https://github.com/gdraheim/zziplib/commit/0a9db9ded9d15fbdb63bf5cf451920d0a368c00e
Upstream: https://github.com/gdraheim/zziplib/commit/a34a96fbda1e58fbec5c79f4c0b5063e031ce11d
Upstream: https://github.com/gdraheim/zziplib/commit/fa1f78abe1b08544061204019016809664f2618c
Upstream: https://github.com/gdraheim/zziplib/commit/f7a6fa9f0c29aecb4c2299568ed2e6094c34aca7