Vulnerability Name:

CVE-2018-7727 (CCN-139949)

Assigned:2018-03-06
Published:2018-03-06
Updated:2019-10-03
Summary:An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): High
3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
3.3 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-772
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2018-7727

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:3229

Source: XF
Type: UNKNOWN
zziplib-cve20187727-dos(139949)

Source: CCN
Type: zziplib GIT Repository
There are memory leaks in zziplib v0.13.68 which is trigged in zzip_mem_disk_new(in zzip/memdisk.c:78) #40

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://github.com/gdraheim/zziplib/issues/40

Vulnerable Configuration:Configuration 1:
  • cpe:/a:zziplib_project:zziplib:0.13.68:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

* Denotes that component is vulnerable

OVAL Definitions:
    Definition ID / Class / Title / Last Modified
    oval:org.opensuse.security:def:20187727
    V
    CVE-2018-7727
    2022-09-02
    oval:org.opensuse.security:def:26169
    P
    Security update for postgresql, postgresql13, postgresql14 (Important)
    2021-11-20
    oval:org.opensuse.security:def:57112
    P
    Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)
    2021-10-18
    oval:org.opensuse.security:def:46963
    P
    gv-3.7.4-1.36 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47499
    P
    sblim-sfcb-1.4.8-16.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47609
    P
    fontconfig-2.11.1-7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47625
    P
    gnome-shell-3.20.4-77.17.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:13778
    P
    avahi-0.6.32-30.36 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47154
    P
    squashfs-4.3-6.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47054
    P
    libnghttp2-14-1.7.1-1.84 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47680
    P
    libXp6-1.0.2-3.57 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47656
    P
    kernel-default-4.12.14-94.41.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47368
    P
    liblcms1-1.19-17.28 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47201
    P
    apache-commons-daemon-1.0.15-6.10 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47514
    P
    tcpdump-4.9.0-13.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48318
    P
    sysstat-12.0.2-10.24.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47727
    P
    libjbig2-2.0-12.13 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:46916
    P
    cups-filters-1.0.58-13.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47452
    P
    openssh-7.2p2-69.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47415
    P
    libsystemd0-228-142.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47578
    P
    cpio-2.11-36.3.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47561
    P
    autofs-5.0.9-28.3.5 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47007
    P
    libapr1-1.5.1-2.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:57038
    P
    Security update for openexr (Important)
    2021-06-24
    oval:org.opensuse.security:def:46506
    P
    libpolkit0-0.112-2.158 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48419
    P
    ft2demos-2.6.3-7.8.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46505
    P
    libpng16-16-1.6.8-2.15 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12797
    P
    python-requests-2.11.1-6.28.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46592
    P
    wget-1.14-4.80 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46519
    P
    libspice-client-glib-2_0-8-0.25-3.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46784
    P
    libvte9-0.28.2-17.83 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46639
    P
    cvs-1.12.12-181.63 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46459
    P
    libXi6-1.7.2-3.61 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46831
    P
    python-requests-2.3.0-6.5.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48372
    P
    at-3.1.14-7.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48365
    P
    apache-commons-beanutils-1.9.2-1.27 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46458
    P
    libXfont1-1.4.7-2.7 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:13756
    P
    xorg-x11-libs-7.6-45.14 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46472
    P
    libblkid1-2.25-6.11 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26216
    P
    Security update for MozillaFirefox (Important)
    2021-03-31
    oval:org.opensuse.security:def:26204
    P
    Security update for freeradius-server (Low)
    2021-03-04
    oval:org.opensuse.security:def:12920
    P
    ipsec-tools-0.8.0-19.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:13054
    P
    libpython2_7-1_0-2.7.13-28.31.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:13096
    P
    libwavpack1-4.60.99-5.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:12805
    P
    libpacemaker3-1.1.21+20190809.bf34b44fa-1.17 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:12935
    P
    lcms2-2.7-9.7.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:13105
    P
    libykcs11-1-1.5.0-3.16 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:12827
    P
    apache2-mod_perl-2.0.8-11.43 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:12954
    P
    libXinerama1-1.1.3-3.54 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:13118
    P
    mutt-1.10.1-55.6.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:12873
    P
    ecryptfs-utils-103-8.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:13029
    P
    libneon27-0.30.0-3.64 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:24764
    P
    Security update for libqt5-qtimageformats (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55762
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:18048
    P
    Security update for util-linux (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18282
    P
    Security update for git (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18150
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:18359
    P
    Security update for postgresql94 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24774
    P
    Security update for spice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25100
    P
    Security update for qemu (Important)
    2020-12-01
    oval:org.opensuse.security:def:25091
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25433
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:19043
    P
    Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:54639
    P
    openssh on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55369
    P
    qemu on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18592
    P
    Security update for systemd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25487
    P
    Security update for ovmf (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25520
    P
    Security update for krb5-appl (Important)
    2020-12-01
    oval:org.opensuse.security:def:26251
    P
    Security update for zziplib (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55569
    P
    Security update for p7zip (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24811
    P
    Security update for sudo (Important)
    2020-12-01
    oval:org.opensuse.security:def:18105
    P
    Security update for systemd, dracut (Important)
    2020-12-01
    oval:org.opensuse.security:def:18314
    P
    Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18235
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:18469
    P
    Security update for xorg-x11-server (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24837
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25183
    P
    Security update for libexif (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24821
    P
    Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25147
    P
    Security update for libqt4 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18371
    P
    Security update for libvorbis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19069
    P
    Security update for zziplib (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54239
    P
    libXext6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54812
    P
    java-1_7_0-openjdk on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55477
    P
    Security update for glibc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19230
    P
    Security update for accountsservice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:17921
    P
    Security update for lhasa (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25531
    P
    Security update for ucode-intel (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25534
    P
    Security update for adns (Important)
    2020-12-01
    oval:org.opensuse.security:def:55643
    P
    Security update for openssl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:17929
    P
    Security update for subversion (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18136
    P
    Security update for expat (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54238
    P
    libXcursor1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18292
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:18501
    P
    Security update for git (Important)
    2020-12-01
    oval:org.opensuse.security:def:24963
    P
    Security update for dnsmasq (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25333
    P
    Security update for apache-commons-httpclient (Important)
    2020-12-01
    oval:org.opensuse.security:def:24884
    P
    Security update for java-1_8_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:25230
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:18383
    P
    Security update for graphite2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54261
    P
    libexif12 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54918
    P
    libqt4-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18558
    P
    Security update for libgcrypt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19256
    P
    Security update for zziplib (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18108
    P
    Security update for libquicktime (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25578
    P
    Security update for python-ipaddress (Important)
    2020-12-01
    oval:org.opensuse.security:def:55681
    P
    Security update for libssh (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:17963
    P
    Security update for opus (Important)
    2020-12-01
    oval:org.opensuse.security:def:18172
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:18116
    P
    Security update for nasm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18323
    P
    Recommended update for apache2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25044
    P
    Security update for dhcp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25386
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25010
    P
    Security update for postgresql10 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25380
    P
    Security update for apache2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18405
    P
    Security update for nasm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54401
    P
    wireshark on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55084
    P
    cups-filters on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18570
    P
    Security update for php5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25473
    P
    Security update for strongswan (Important)
    2020-12-01
    oval:org.opensuse.security:def:127449
    P
    Security update for zziplib (Moderate)
    2019-12-19
    oval:org.opensuse.security:def:79746
    P
    Security update for zziplib (Moderate)
    2019-12-19
    oval:org.opensuse.security:def:124981
    P
    Security update for zziplib (Moderate)
    2019-12-19
    oval:org.opensuse.security:def:126026
    P
    Security update for zziplib (Moderate)
    2019-12-19
    oval:com.redhat.rhsa:def:20183229
    P
    RHSA-2018:3229: zziplib security update (Low)
    2018-10-30
    oval:com.ubuntu.bionic:def:201877270000000
    V
    CVE-2018-7727 on Ubuntu 18.04 LTS (bionic) - low.
    2018-03-06
    oval:com.ubuntu.trusty:def:20187727000
    V
    CVE-2018-7727 on Ubuntu 14.04 LTS (trusty) - low.
    2018-03-06
    oval:com.ubuntu.xenial:def:201877270000000
    V
    CVE-2018-7727 on Ubuntu 16.04 LTS (xenial) - low.
    2018-03-06
    oval:com.ubuntu.artful:def:20187727000
    V
    CVE-2018-7727 on Ubuntu 17.10 (artful) - low.
    2018-03-06
    oval:com.ubuntu.xenial:def:20187727000
    V
    CVE-2018-7727 on Ubuntu 16.04 LTS (xenial) - low.
    2018-03-06
    oval:com.ubuntu.disco:def:201877270000000
    V
    CVE-2018-7727 on Ubuntu 19.04 (disco) - low.
    2018-03-06
    oval:com.ubuntu.bionic:def:20187727000
    V
    CVE-2018-7727 on Ubuntu 18.04 LTS (bionic) - low.
    2018-03-06
    oval:com.ubuntu.cosmic:def:201877270000000
    V
    CVE-2018-7727 on Ubuntu 18.10 (cosmic) - low.
    2018-03-06
    oval:com.ubuntu.cosmic:def:20187727000
    V
    CVE-2018-7727 on Ubuntu 18.10 (cosmic) - low.
    2018-03-06
    zziplib_project zziplib 0.13.68
    redhat enterprise linux desktop 7.0
    redhat enterprise linux server 7.0
    redhat enterprise linux workstation 7.0