Vulnerability Name: CVE-2017-12858 (CCN-130898)

Assigned: 2017-08-15
Published: 2017-08-15
Updated: 2022-05-25
Summary: Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.
CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-415
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2017-12858

Source: BID
Type: Third Party Advisory, VDB Entry
100459

Source: CCN
Type: BID-100459
libzip CVE-2017-12858 Double Free Local Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
libzip-cve201712858-unspecified(130898)

Source: CCN
Type: libzip GIT Repository
Fix double free()

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2017-12858

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:libzip:libzip:1.2.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:libzip:libzip:*:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:201712858 | V | CVE-2017-12858 | 2023-06-22
oval:org.opensuse.security:def:7708 | P | libzip-devel-1.8.0-150400.1.7 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:3115 | P | java-1_8_0-openjdk-1.8.0.222-27.35.2 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:94745 | P | libzip-devel-1.8.0-150400.1.7 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:220 | P | libvirt-libs-7.1.0-4.1 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:235 | P | libzip-devel-1.5.1-1.9 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:511 | P | Security update for kernel-firmware (Important) | 2022-06-02
oval:org.opensuse.security:def:1164 | P | Security update for python39 (Moderate) | 2022-05-02
oval:org.opensuse.security:def:112940 | P | libzip-devel-1.8.0-1.2 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:827 | P | Security update for clamav (Moderate) | 2021-12-06
oval:org.opensuse.security:def:106394 | P | libzip-devel-1.8.0-1.2 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:96720 | P | libzip-devel-1.5.1-1.9 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:103410 | P | libzip-devel-1.5.1-1.9 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:89755 | P | libzip-devel-1.5.1-1.9 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:71341 | P | libzip-devel-1.5.1-1.9 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:61600 | P | libzip-devel-1.5.1-1.9 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:69919 | P | Security update for openssl-1_1 (Important) | 2021-08-24
oval:org.opensuse.security:def:47733 | P | liblcms1-1.19-17.28 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47070 | P | libqt4-32bit-4.8.6-7.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47032 | P | libipa_hbac0-1.13.4-18.10 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47969 | P | ceph-common-12.2.12+git.1568024032.02236657ca-2.39.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48031 | P | gstreamer-1.8.3-9.5 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47294 | P | java-1_7_0-openjdk-1.7.0.141-42.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47047 | P | libmms0-0.6.2-15.8 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48158 | P | libnm-glib-vpn1-1.0.12-13.12.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47656 | P | kernel-default-4.12.14-94.41.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47361 | P | libjavascriptcoregtk-3_0-0-2.4.11-23.20 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48260 | P | patch-2.7.5-8.5.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47802 | P | libvdpau1-1.1.1-6.73 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47585 | P | cups-filters-1.0.58-19.2.3 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47898 | P | syslog-service-2.0-778.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47947 | P | apache-commons-daemon-1.0.15-6.10 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47202 | P | apache-commons-httpclient-3.1-4.364 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47033 | P | libjansson4-2.7-1.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48093 | P | libapr1-1.5.1-4.5.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47442 | P | mailman-2.1.17-1.18 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47168 | P | tomcat-8.0.36-11.4 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48189 | P | libsaml8-2.5.5-3.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47740 | P | libmicrohttpd10-0.9.30-5.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47493 | P | rrdtool-1.4.7-20.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47867 | P | python-libxml2-2.9.4-46.15.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:71994 | P | libzip-devel-1.5.1-1.9 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62253 | P | libzip-devel-1.5.1-1.9 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:48661 | P | ImageMagick-6.8.8.1-5.21 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48952 | P | libvpx1-32bit-1.3.0-3.3.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46742 | P | liblcms1-1.19-17.31 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:71050 | P | libzip-devel-1.5.1-1.9 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46877 | P | xorg-x11-server-7.6_1.15.2-36.21 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:71111 | P | tcpdump-4.9.2-1.31 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48607 | P | python-libxml2-2.9.4-27.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:61309 | P | libzip-devel-1.5.1-1.9 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:70998 | P | libnm0-1.10.6-3.16 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46741 | P | libksba8-1.3.0-9.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48898 | P | dia-0.97.3-15.63 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46756 | P | libpng12-0-1.2.50-8.21 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:67758 | P | Security update for the Linux Kernel (Important) | 2021-05-12
oval:org.opensuse.security:def:69814 | P | Security update for libzypp, zypper (Moderate) | 2021-03-25
oval:org.opensuse.security:def:64324 | P | Security update for sudo (Important) | 2021-01-26
oval:org.opensuse.security:def:100596 | P | (Moderate) | 2021-01-13
oval:org.opensuse.security:def:61916 | P | libzip-devel-1.5.1-1.9 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:116820 | P | libzip-devel-1.5.1-1.9 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:107262 | P | libzip-devel-1.5.1-1.9 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:93883 | P | libzip-devel-1.5.1-1.9 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:71657 | P | libzip-devel-1.5.1-1.9 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:49214 | P | libpcre2-16-0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:66563 | P | libzip-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49268 | P | libzip-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:66471 | P | libipa_hbac-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73254 | P | libzip-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64411 | P | libzip-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:67658 | P | libXv-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73136 | P | libXrender-devel on GA media (Moderate) | 2020-12-01
oval:com.ubuntu.trusty:def:201712858000 | V | CVE-2017-12858 on Ubuntu 14.04 LTS (trusty) - untriaged. | 2017-08-23
oval:com.ubuntu.xenial:def:201712858000 | V | CVE-2017-12858 on Ubuntu 16.04 LTS (xenial) - untriaged. | 2017-08-23
oval:com.ubuntu.xenial:def:2017128580000000 | V | CVE-2017-12858 on Ubuntu 16.04 LTS (xenial) - untriaged. | 2017-08-23
    libzip libzip 1.2.0
    libzip libzip *