CVE-2012-1162 - OpenCVE

Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Nih	Libzip

Configuration 1 [-]

cpe:2.3:a:nih:libzip:0.10:*:*:*:*:*:*:*

References

Link	Resource
http://nih.at/listarchive/libzip-discuss/msg00252.html	Exploit
http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2012:034
http://www.nih.at/libzip/NEWS.html
http://www.openwall.com/lists/oss-security/2012/03/21/2	Exploit
http://www.openwall.com/lists/oss-security/2012/03/29/11

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-10-03T16:15:26

Updated: 2022-10-03T16:15:26

Reserved: 2022-10-03T00:00:00

Link: CVE-2012-1162

JSON object: View

NVD Information

Status : Analyzed

Published: 2012-07-12T20:55:14.920

Modified: 2012-07-13T14:50:48.640

Link: CVE-2012-1162

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an \"incorrect loop construct.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:26", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"}, {"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"}, {"name": "MDVSA-2012:034", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.nih.at/libzip/NEWS.html"}, {"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"}, {"name": "GLSA-201203-23", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1162", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an \"incorrect loop construct.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release", "refsource": "MLIST", "url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"}, {"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"}, {"name": "MDVSA-2012:034", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"}, {"name": "http://www.nih.at/libzip/NEWS.html", "refsource": "CONFIRM", "url": "http://www.nih.at/libzip/NEWS.html"}, {"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"}, {"name": "GLSA-201203-23", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1162", "datePublished": "2022-10-03T16:15:26", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:26", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nih:libzip:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "594609BD-8B2D-4716-9170-76A56057194B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an \"incorrect loop construct.\""}, {"lang": "es", "value": "Un desbordamiento de entero en la funci\u00f3n _zip_readcdir en zip_open.c en libzip v0.10 permite a atacantes remotos causar una denegaci\u00f3n de servicio (caida de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n atrav\u00e9s de un archivo ZIP con el numero de directorios puesto a 0. Se trata de un problema relacionado con un \"bucle incorrecto en un constructor\"."}], "id": "CVE-2012-1162", "lastModified": "2012-07-13T14:50:48.640", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-07-12T20:55:14.920", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"}, {"source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"}, {"source": "secalert@redhat.com", "url": "http://www.nih.at/libzip/NEWS.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}