CVE-2017-5975

Published Mar 1, 2017

Last updated 4 years ago

Overview

Description: Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-787

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zziplib_project:zziplib:0.13.56:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1841073D-FDC1-4C4C-942B-C1023AF095B8"
          },
          {
            "criteria": "cpe:2.3:a:zziplib_project:zziplib:0.13.57:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73ABDDD8-01CD-4C05-B244-2E39686C8718"
          },
          {
            "criteria": "cpe:2.3:a:zziplib_project:zziplib:0.13.58:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B31647EC-7D88-4403-8A6D-AF38B04D805D"
          },
          {
            "criteria": "cpe:2.3:a:zziplib_project:zziplib:0.13.59:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40824919-36F5-46EE-A4ED-EEBD8E7CF266"
          },
          {
            "criteria": "cpe:2.3:a:zziplib_project:zziplib:0.13.60:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A8F5617-E394-4738-ACF9-39A2FD41303A"
          },
          {
            "criteria": "cpe:2.3:a:zziplib_project:zziplib:0.13.61:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA5341B7-D103-4E9C-9E99-02AD2E4ECF0E"
          },
          {
            "criteria": "cpe:2.3:a:zziplib_project:zziplib:0.13.62:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CA062FB-02EE-42A6-9CBE-3FA651F7AC25"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References