{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers \"improper restrictions of operations within the bounds of a memory buffer\" and an information leak."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-07-12T20:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"}, {"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"}, {"name": "MDVSA-2012:034", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.nih.at/libzip/NEWS.html"}, {"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"}, {"name": "GLSA-201203-23", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1163", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers \"improper restrictions of operations within the bounds of a memory buffer\" and an information leak."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release", "refsource": "MLIST", "url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"}, {"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"}, {"name": "MDVSA-2012:034", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"}, {"name": "http://www.nih.at/libzip/NEWS.html", "refsource": "CONFIRM", "url": "http://www.nih.at/libzip/NEWS.html"}, {"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"}, {"name": "GLSA-201203-23", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:53:35.608Z"}, "title": "CVE Program Container", "references": [{"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"}, {"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"}, {"name": "MDVSA-2012:034", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.nih.at/libzip/NEWS.html"}, {"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"}, {"name": "GLSA-201203-23", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1163", "datePublished": "2012-07-12T20:00:00Z", "dateReserved": "2012-02-14T00:00:00Z", "dateUpdated": "2024-09-17T00:26:22.595Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nih:libzip:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "594609BD-8B2D-4716-9170-76A56057194B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers \"improper restrictions of operations within the bounds of a memory buffer\" and an information leak."}, {"lang": "es", "value": "Un desbordamiento de entero en la funci\u00f3n _zip_readcdir en zip_open.c en libzip v0.10 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s del tama\u00f1o y los valores de desplazamiento para el directorio central en un archivo zip, lo que provoca \"restricciones indebidas de las operaciones dentro de los l\u00edmites de un b\u00fafer de memoria\" y una fuga de informaci\u00f3n."}], "id": "CVE-2012-1163", "lastModified": "2024-11-21T01:36:34.147", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-07-12T20:55:15.000", "references": [{"source": "secalert@redhat.com", "url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"}, {"source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"}, {"source": "secalert@redhat.com", "url": "http://www.nih.at/libzip/NEWS.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nih.at/libzip/NEWS.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Timo Warns for reporting this issue.", "bugzilla": {"description": "libzip: integer overflow when processing malformed zip file", "id": "803028", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803028"}, "csaw": false, "cvss": {"cvss_base_score": "4.4", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-190", "details": ["Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers \"improper restrictions of operations within the bounds of a memory buffer\" and an information leak."], "name": "CVE-2012-1163", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libzip", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-03-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-1163\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-1163"], "statement": "Not vulnerable. This issue did not affect the versions of libzip and php as shipped with Red Hat Enterprise Linux 6. This issue did not affect the versions of php53 as shipped with Red Hat Enterprise Linux 5.", "threat_severity": "Moderate", "upstream_fix": "libzip 0.10.1"}