Vulnerability CVE-2018-7727

Vulnerability Name:

CVE-2018-7727 (CCN-139949)

Assigned:

2018-03-06

Published:

2018-03-06

Updated:

2019-10-03

Summary:

An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.

CVSS v3 Severity:

6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

3.3 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-772

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2018-7727

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:3229

Source: XF
Type: UNKNOWN
zziplib-cve20187727-dos(139949)

Source: CCN
Type: zziplib GIT Repository
There are memory leaks in zziplib v0.13.68 which is trigged in zzip_mem_disk_new(in zzip/memdisk.c:78) #40

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://github.com/gdraheim/zziplib/issues/40

Vulnerable Configuration:

Configuration 1:

cpe:/a:zziplib_project:zziplib:0.13.68:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20187727	V	CVE-2018-7727	2022-09-02
oval:org.opensuse.security:def:26169	P	Security update for postgresql, postgresql13, postgresql14 (Important)	2021-11-20
oval:org.opensuse.security:def:57112	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:46963	P	gv-3.7.4-1.36 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47499	P	sblim-sfcb-1.4.8-16.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47609	P	fontconfig-2.11.1-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47625	P	gnome-shell-3.20.4-77.17.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13778	P	avahi-0.6.32-30.36 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47154	P	squashfs-4.3-6.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47054	P	libnghttp2-14-1.7.1-1.84 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47680	P	libXp6-1.0.2-3.57 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47656	P	kernel-default-4.12.14-94.41.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47368	P	liblcms1-1.19-17.28 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47201	P	apache-commons-daemon-1.0.15-6.10 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47514	P	tcpdump-4.9.0-13.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48318	P	sysstat-12.0.2-10.24.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47727	P	libjbig2-2.0-12.13 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46916	P	cups-filters-1.0.58-13.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47452	P	openssh-7.2p2-69.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47415	P	libsystemd0-228-142.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47578	P	cpio-2.11-36.3.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47561	P	autofs-5.0.9-28.3.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47007	P	libapr1-1.5.1-2.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:57038	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:46506	P	libpolkit0-0.112-2.158 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48419	P	ft2demos-2.6.3-7.8.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46505	P	libpng16-16-1.6.8-2.15 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12797	P	python-requests-2.11.1-6.28.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46592	P	wget-1.14-4.80 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46519	P	libspice-client-glib-2_0-8-0.25-3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46784	P	libvte9-0.28.2-17.83 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46639	P	cvs-1.12.12-181.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46459	P	libXi6-1.7.2-3.61 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46831	P	python-requests-2.3.0-6.5.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48372	P	at-3.1.14-7.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48365	P	apache-commons-beanutils-1.9.2-1.27 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46458	P	libXfont1-1.4.7-2.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:13756	P	xorg-x11-libs-7.6-45.14 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46472	P	libblkid1-2.25-6.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26216	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:26204	P	Security update for freeradius-server (Low)	2021-03-04
oval:org.opensuse.security:def:12920	P	ipsec-tools-0.8.0-19.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:13054	P	libpython2_7-1_0-2.7.13-28.31.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:13096	P	libwavpack1-4.60.99-5.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12805	P	libpacemaker3-1.1.21+20190809.bf34b44fa-1.17 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12935	P	lcms2-2.7-9.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:13105	P	libykcs11-1-1.5.0-3.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12827	P	apache2-mod_perl-2.0.8-11.43 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12954	P	libXinerama1-1.1.3-3.54 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:13118	P	mutt-1.10.1-55.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12873	P	ecryptfs-utils-103-8.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:13029	P	libneon27-0.30.0-3.64 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:24764	P	Security update for libqt5-qtimageformats (Moderate)	2020-12-01
oval:org.opensuse.security:def:55762	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:18048	P	Security update for util-linux (Moderate)	2020-12-01
oval:org.opensuse.security:def:18282	P	Security update for git (Moderate)	2020-12-01
oval:org.opensuse.security:def:18150	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:18359	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:24774	P	Security update for spice (Moderate)	2020-12-01
oval:org.opensuse.security:def:25100	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:25091	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25433	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:19043	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:54639	P	openssh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55369	P	qemu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18592	P	Security update for systemd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25487	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:25520	P	Security update for krb5-appl (Important)	2020-12-01
oval:org.opensuse.security:def:26251	P	Security update for zziplib (Moderate)	2020-12-01
oval:org.opensuse.security:def:55569	P	Security update for p7zip (Moderate)	2020-12-01
oval:org.opensuse.security:def:24811	P	Security update for sudo (Important)	2020-12-01
oval:org.opensuse.security:def:18105	P	Security update for systemd, dracut (Important)	2020-12-01
oval:org.opensuse.security:def:18314	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:18235	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:18469	P	Security update for xorg-x11-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:24837	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25183	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:24821	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25147	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:18371	P	Security update for libvorbis (Moderate)	2020-12-01
oval:org.opensuse.security:def:19069	P	Security update for zziplib (Moderate)	2020-12-01
oval:org.opensuse.security:def:54239	P	libXext6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54812	P	java-1_7_0-openjdk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55477	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:19230	P	Security update for accountsservice (Moderate)	2020-12-01
oval:org.opensuse.security:def:17921	P	Security update for lhasa (Moderate)	2020-12-01
oval:org.opensuse.security:def:25531	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:25534	P	Security update for adns (Important)	2020-12-01
oval:org.opensuse.security:def:55643	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:17929	P	Security update for subversion (Moderate)	2020-12-01
oval:org.opensuse.security:def:18136	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:54238	P	libXcursor1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18292	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:18501	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:24963	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:25333	P	Security update for apache-commons-httpclient (Important)	2020-12-01
oval:org.opensuse.security:def:24884	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25230	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:18383	P	Security update for graphite2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:54261	P	libexif12 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54918	P	libqt4-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18558	P	Security update for libgcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:19256	P	Security update for zziplib (Moderate)	2020-12-01
oval:org.opensuse.security:def:18108	P	Security update for libquicktime (Moderate)	2020-12-01
oval:org.opensuse.security:def:25578	P	Security update for python-ipaddress (Important)	2020-12-01
oval:org.opensuse.security:def:55681	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:17963	P	Security update for opus (Important)	2020-12-01
oval:org.opensuse.security:def:18172	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:18116	P	Security update for nasm (Moderate)	2020-12-01
oval:org.opensuse.security:def:18323	P	Recommended update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25044	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25386	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25010	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:25380	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:18405	P	Security update for nasm (Moderate)	2020-12-01
oval:org.opensuse.security:def:54401	P	wireshark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55084	P	cups-filters on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18570	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25473	P	Security update for strongswan (Important)	2020-12-01
oval:org.opensuse.security:def:127449	P	Security update for zziplib (Moderate)	2019-12-19
oval:org.opensuse.security:def:79746	P	Security update for zziplib (Moderate)	2019-12-19
oval:org.opensuse.security:def:124981	P	Security update for zziplib (Moderate)	2019-12-19
oval:org.opensuse.security:def:126026	P	Security update for zziplib (Moderate)	2019-12-19
oval:com.redhat.rhsa:def:20183229	P	RHSA-2018:3229: zziplib security update (Low)	2018-10-30
oval:com.ubuntu.bionic:def:201877270000000	V	CVE-2018-7727 on Ubuntu 18.04 LTS (bionic) - low.	2018-03-06
oval:com.ubuntu.trusty:def:20187727000	V	CVE-2018-7727 on Ubuntu 14.04 LTS (trusty) - low.	2018-03-06
oval:com.ubuntu.xenial:def:201877270000000	V	CVE-2018-7727 on Ubuntu 16.04 LTS (xenial) - low.	2018-03-06
oval:com.ubuntu.artful:def:20187727000	V	CVE-2018-7727 on Ubuntu 17.10 (artful) - low.	2018-03-06
oval:com.ubuntu.xenial:def:20187727000	V	CVE-2018-7727 on Ubuntu 16.04 LTS (xenial) - low.	2018-03-06
oval:com.ubuntu.disco:def:201877270000000	V	CVE-2018-7727 on Ubuntu 19.04 (disco) - low.	2018-03-06
oval:com.ubuntu.bionic:def:20187727000	V	CVE-2018-7727 on Ubuntu 18.04 LTS (bionic) - low.	2018-03-06
oval:com.ubuntu.cosmic:def:201877270000000	V	CVE-2018-7727 on Ubuntu 18.10 (cosmic) - low.	2018-03-06
oval:com.ubuntu.cosmic:def:20187727000	V	CVE-2018-7727 on Ubuntu 18.10 (cosmic) - low.	2018-03-06

BACK