Vulnerability Details CVE-2020-18442
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.2%
CVSS Severity
CVSS v3 Score 3.3
CVSS v2 Score 2.1
References
- https://github.com/gdraheim/zziplib/issues/68
- https://lists.debian.org/debian-lts-announce/2021/12/msg00021.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCFYD46OY4VAGJ4UX7IFOH5SHD4UW4ZA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVANTEBDQGOIPC5KCEVAGA5KT4KKTGWB/
- https://github.com/gdraheim/zziplib/issues/68
- https://lists.debian.org/debian-lts-announce/2021/12/msg00021.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCFYD46OY4VAGJ4UX7IFOH5SHD4UW4ZA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVANTEBDQGOIPC5KCEVAGA5KT4KKTGWB/
Products affected by CVE-2020-18442
-
cpe:2.3:a:gdraheim:zziplib:0.13.69
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:34
-
cpe:2.3:o:fedoraproject:fedora:35