Vulnerabilities > CVE-2020-18442 - Infinite Loop vulnerability in multiple products

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

local

low complexity

NVD

Published: 2021-06-18

Updated: 2023-11-07

Summary

Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".

Vulnerable Configurations

Part	Description	Count
Application	Zziplib_Project Zziplib Project Zziplib 0.13.69	1
OS	Debian Debian Debian Linux 9.0	1
OS	Fedoraproject Fedoraproject Fedora 34 Fedoraproject Fedora 35	2

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://github.com/gdraheim/zziplib/issues/68
https://lists.debian.org/debian-lts-announce/2021/12/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCFYD46OY4VAGJ4UX7IFOH5SHD4UW4ZA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVANTEBDQGOIPC5KCEVAGA5KT4KKTGWB/