{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an \"incorrect loop construct.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-07-12T20:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"}, {"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"}, {"name": "MDVSA-2012:034", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.nih.at/libzip/NEWS.html"}, {"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"}, {"name": "GLSA-201203-23", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1162", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an \"incorrect loop construct.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release", "refsource": "MLIST", "url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"}, {"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"}, {"name": "MDVSA-2012:034", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"}, {"name": "http://www.nih.at/libzip/NEWS.html", "refsource": "CONFIRM", "url": "http://www.nih.at/libzip/NEWS.html"}, {"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"}, {"name": "GLSA-201203-23", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:53:35.521Z"}, "title": "CVE Program Container", "references": [{"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"}, {"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"}, {"name": "MDVSA-2012:034", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.nih.at/libzip/NEWS.html"}, {"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"}, {"name": "GLSA-201203-23", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1162", "datePublished": "2012-07-12T20:00:00Z", "dateReserved": "2012-02-14T00:00:00Z", "dateUpdated": "2024-09-16T20:37:08.613Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nih:libzip:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "594609BD-8B2D-4716-9170-76A56057194B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an \"incorrect loop construct.\""}, {"lang": "es", "value": "Un desbordamiento de entero en la funci\u00f3n _zip_readcdir en zip_open.c en libzip v0.10 permite a atacantes remotos causar una denegaci\u00f3n de servicio (caida de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n atrav\u00e9s de un archivo ZIP con el numero de directorios puesto a 0. Se trata de un problema relacionado con un \"bucle incorrecto en un constructor\"."}], "id": "CVE-2012-1162", "lastModified": "2012-07-13T14:50:48.640", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-07-12T20:55:14.920", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"}, {"source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"}, {"source": "secalert@redhat.com", "url": "http://www.nih.at/libzip/NEWS.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Timo Warns for reporting this issue.", "bugzilla": {"description": "libzip: heap overflow flaw when processing malformed zip file", "id": "802564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=802564"}, "csaw": false, "cvss": {"cvss_base_score": "4.4", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "status": "draft"}, "details": ["Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an \"incorrect loop construct.\""], "name": "CVE-2012-1162", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libzip", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-03-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-1162\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-1162"], "statement": "Not vulnerable. This issue did not affect the versions of libzip and php as shipped with Red Hat Enterprise Linux 6. This issue did not affect the versions of php53 as shipped with Red Hat Enterprise Linux 5.", "threat_severity": "Moderate", "upstream_fix": "libzip 0.10.1"}