CVE-2020-18770 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Affected Products (NVD)

Vendor	Product	Version
gdraheim	zziplib	0.13.69

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

zziplib

bookworm	ignored
bullseye	no-dsa
buster	no-dsa
sid	vulnerable
trixie	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

zziplib

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
lunar	ignored
mantic	ignored
noble	needs-triage
trusty	ignored
xenial	needs-triage

openSUSE / SLES Releases

openSUSE Product

Release

libzzip-0-13

suse enterprise desktop 15 SP5	0.13.69-150000.3.17.1 fixed
suse enterprise desktop 15 SP6	0.13.72-150600.2.2 fixed
suse enterprise desktop 15 SP7	0.13.78-150700.1.5 fixed
suse enterprise sap 15 SP5	0.13.69-150000.3.17.1 fixed
suse enterprise sap 15 SP6	0.13.72-150600.2.2 fixed
suse enterprise sap 15 SP7	0.13.78-150700.1.5 fixed
suse enterprise server 15 SP4	0.13.69-150000.3.17.1 fixed
suse enterprise server 15 SP5	0.13.69-150000.3.17.1 fixed
suse enterprise server 15 SP6	0.13.72-150600.2.2 fixed
suse enterprise server 15 SP7	0.13.78-150700.1.5 fixed

zziplib-devel

suse enterprise desktop 15 SP5	0.13.69-150000.3.17.1 fixed
suse enterprise desktop 15 SP6	0.13.72-150600.2.2 fixed
suse enterprise desktop 15 SP7	0.13.78-150700.1.5 fixed
suse enterprise sap 15 SP5	0.13.69-150000.3.17.1 fixed
suse enterprise sap 15 SP6	0.13.72-150600.2.2 fixed
suse enterprise sap 15 SP7	0.13.78-150700.1.5 fixed
suse enterprise server 15 SP4	0.13.69-150000.3.17.1 fixed
suse enterprise server 15 SP5	0.13.69-150000.3.17.1 fixed
suse enterprise server 15 SP6	0.13.72-150600.2.2 fixed
suse enterprise server 15 SP7	0.13.78-150700.1.5 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

zziplib

RHEL 8	0:0.13.68-13.el8_10 fixed
RHEL 9	0:0.13.71-11.el9_4 fixed

zziplib-devel

RHEL 8	0:0.13.68-13.el8_10 fixed
RHEL 9	0:0.13.71-11.el9_4 fixed

zziplib-utils

RHEL 8	0:0.13.68-13.el8_10 fixed
RHEL 9	0:0.13.71-11.el9_4 fixed

Known Exploits!

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://github.com/gdraheim/zziplib/issues/69

https://github.com/gdraheim/zziplib/issues/69