Nixpkgs security tracker

Untriaged

Permalink CVE-2008-0888

created 2 months ago Activity log

Created suggestion 2 months ago

The NEEDBITS macro in the inflate_dynamic function in inflate.c for …

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

References

29415 x_transferredx_refsource_SECUNIAthird-party-advisory
20080321 rPSA-2008-0116-1 unzip mailing-listx_transferredx_refsource_BUGTRAQ
29427 x_transferredx_refsource_SECUNIAthird-party-advisory
ADV-2008-1744 x_refsource_VUPENx_transferredvdb-entry
29440 x_transferredx_refsource_SECUNIAthird-party-advisory
DSA-1522 x_refsource_DEBIANvendor-advisoryx_transferred
29432 x_transferredx_refsource_SECUNIAthird-party-advisory
https://issues.rpath.com/browse/RPL-2317 x_transferredx_refsource_CONFIRM
http://wiki.rpath.com/Advisories:rPSA-2008-0116 x_transferredx_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2008-0009.html x_transferredx_refsource_CONFIRM
APPLE-SA-2010-03-29-1 x_refsource_APPLEvendor-advisoryx_transferred
29392 x_transferredx_refsource_SECUNIAthird-party-advisory
29681 x_transferredx_refsource_SECUNIAthird-party-advisory
MDVSA-2008:068 vendor-advisoryx_refsource_MANDRIVAx_transferred
SUSE-SR:2008:007 vendor-advisoryx_transferredx_refsource_SUSE
ADV-2008-0913 x_refsource_VUPENx_transferredvdb-entry
30535 x_transferredx_refsource_SECUNIAthird-party-advisory
http://www.ipcop.org/index.php?name=News&file=article&sid=40 x_transferredx_refsource_CONFIRM
http://support.apple.com/kb/HT4077 x_transferredx_refsource_CONFIRM
20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues mailing-listx_transferredx_refsource_BUGTRAQ
GLSA-200804-06 x_refsource_GENTOOvendor-advisoryx_transferred
oval:org.mitre.oval:def:9733 signaturex_transferredvdb-entryx_refsource_OVAL
29406 x_transferredx_refsource_SECUNIAthird-party-advisory
29495 x_transferredx_refsource_SECUNIAthird-party-advisory
31204 x_transferredx_refsource_SECUNIAthird-party-advisory
1019634 x_refsource_SECTRACKx_transferredvdb-entry
RHSA-2008:0196 vendor-advisoryx_transferredx_refsource_REDHAT
unzip-inflatedynamic-code-execution(41246) x_transferredvdb-entryx_refsource_XF
USN-589-1 x_refsource_UBUNTUvendor-advisoryx_transferred
28288 x_refsource_BIDx_transferredvdb-entry
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116 x_transferredx_refsource_CONFIRM