VIR Vulnerability Intelligence Relay

CVE-2020-18770

medium
Published 2024-04-30 Β· Modified 2024-05-22
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
β€”
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
5.5

Description

RHSA-2024:3127: zziplib security update (Moderate)

Predictions

Exploit likelihood
20%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata β€” Red Hat Inc. Β· View original β†— Β· Open-Errata-API

Description zziplib: invalid memory access at zzip_disk_entry_to_file_header in mmapped.c CVSS v3: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8zziplib-0:0.13.68-13.el8_10RHSA-2024:31272024-05-22T00:00:00Z Red Hat Enterprise Linux 9zziplib-0:0.13.71-11.el9_4RHSA-2024:23772024-04-30T00:00:00Z Package state…

Description

zziplib: invalid memory access at zzip_disk_entry_to_file_header in mmapped.c

CVSS v3: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Errata / fixed releases

ProductPackageAdvisoryReleased
Red Hat Enterprise Linux 8zziplib-0:0.13.68-13.el8_10RHSA-2024:31272024-05-22T00:00:00Z
Red Hat Enterprise Linux 9zziplib-0:0.13.71-11.el9_4RHSA-2024:23772024-04-30T00:00:00Z

Package state

ProductPackageState
Red Hat Enterprise Linux 7zziplibOut of support scope

Apply commands

bash fix
Apply RHSA-2024:3127 for Red Hat Enterprise Linux 8
yum update -y zziplib
# or:
dnf upgrade -y zziplib

OS impact
suse SUSE Affected 1 release
VersionStatusFixed in
β€” Affected β€”
debian Debian Mixed 5 releases
VersionStatusFixed in
trixie Fixed 0.13.78+dfsg.1-0.1
sid Fixed 0.13.78+dfsg.1-0.1
forky Fixed 0.13.78+dfsg.1-0.1
bullseye Affected β€”
bookworm Affected β€”
almalinux AlmaLinux Fixed 1 release
VersionStatusFixed in
9 Fixed zziplib-0.13.71-11.el9_4.aarch64.rpm
redhat Red Hat Fixed 2 releases
VersionStatusFixed in
9 Fixed β€”
8 Fixed β€”
rockylinux Rocky Linux Fixed 2 releases
VersionStatusFixed in
9 Fixed β€”
8 Fixed β€”

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.