Note:
This project will be discontinued after December 13, 2021. [more]
2018-09-05
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.
| Products | Zziplib |
| Type | Missing Release of Resource after Effective Lifetime (CWE-772) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://access.redhat.com/errata/RHSA-2019:2196
• https://github.com/gdraheim/zziplib/issues/58 • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00066.html • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00065.html • https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html |