Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2012-1163
Last Modified 16 Jul 2012 12:00:00
Published 12 Jul 2012 04:55:15
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1163

Summary

Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak.

Vulnerable Systems

Application

  • Nih Libzip 0.10


References

MLIST - [oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip

MLIST - [oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip

CONFIRM - http://www.nih.at/libzip/NEWS.html

MANDRIVA - MDVSA-2012:034

GENTOO - GLSA-201203-23

MLIST - [libzip-discuss] 20120320 libzip-0.10.1 security fix release


Last Updated: 27 May 2016 10:54:52