CVE-2018-7727

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2018-7727
An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
https://github.com/gdraheim/zziplib/issues/40 Exploit Issue Tracking Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3229 Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:zziplib_project:zziplib:0.13.68:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Information

Published : 2018-03-06 09:29

Updated : 2019-10-02 17:03

NVD link : CVE-2018-7727

Mitre link : CVE-2018-7727

JSON object : View

CWE
CWE-772

Missing Release of Resource after Effective Lifetime

Advertisement

dedicated server usa
Products Affected

redhat

  • enterprise_linux_desktop
  • enterprise_linux_server
  • enterprise_linux_workstation

zziplib_project

  • zziplib