Bug 660606 (CVE-2018-13410) - app-arch/zip: Denial of Service
Summary: app-arch/zip: Denial of Service
Alias: CVE-2018-13410
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Reported: 2018-07-07 17:46 UTC by Florian Schuhmacher
Modified: 2019-04-27 05:12 UTC


Description Florian Schuhmacher 2018-07-07 17:46:24 UTC
** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands.

Gentoo Security Scout
Florian Schuhmacher
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2019-04-27 05:12:44 UTC
This is disputed, not only by upstream but by most other distros.