Vulnerability Details CVE-2018-1000637
zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 62.8%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- https://bugs.debian.org/904819
- https://lists.debian.org/debian-lts-announce/2018/09/msg00016.html
- https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html
- https://bugs.debian.org/904819
- https://lists.debian.org/debian-lts-announce/2018/09/msg00016.html
- https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html
Products affected by CVE-2018-1000637
-
cpe:2.3:a:nongnu:zutils:0.2
-
cpe:2.3:a:nongnu:zutils:0.3
-
cpe:2.3:a:nongnu:zutils:0.4
-
cpe:2.3:a:nongnu:zutils:0.5
-
cpe:2.3:a:nongnu:zutils:0.6
-
cpe:2.3:a:nongnu:zutils:0.7
-
cpe:2.3:a:nongnu:zutils:0.8
-
cpe:2.3:a:nongnu:zutils:0.9
-
cpe:2.3:a:nongnu:zutils:1.0
-
cpe:2.3:a:nongnu:zutils:1.1
-
cpe:2.3:a:nongnu:zutils:1.2
-
cpe:2.3:a:nongnu:zutils:1.3
-
cpe:2.3:a:nongnu:zutils:1.4
-
cpe:2.3:a:nongnu:zutils:1.5
-
cpe:2.3:a:nongnu:zutils:1.6
-
cpe:2.3:a:nongnu:zutils:1.7
-
cpe:2.3:a:nongnu:zutils:1.8
-
cpe:2.3:o:debian:debian_linux:8.0