Bug 1542333 (CVE-2018-1056) - CVE-2018-1056 advancecomp: Heap buffer overflow in zip.cc:zip_entry::load_cent() allows for denial of service or unspecified impact via crafted ZIP file
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-1056
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1542334 1543104 1543105 1548327
Blocks: 1542335
Reported: 2018-02-06 06:08 UTC by Sam Fowler
Modified: 2021-10-21 19:54 UTC

Fixed In Version: advancecomp 2.1-2018/02
Clone Of:
Environment:
Last Closed: 2021-10-21 19:54:15 UTC
Embargoed:



Description Sam Fowler 2018-02-06 06:08:38 UTC
A heap buffer overflow in advancecomp through version 2.0 can allow an attacker to cause a denial of service (DoS) via a crafted ZIP file.

External References:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270

Comment 1 Sam Fowler 2018-02-06 06:09:06 UTC
Created advancecomp tracking bugs for this issue:

Affects: fedora-all [bug 1542334]

Comment 2 Joshua Padman 2018-02-06 10:53:03 UTC
Red Hat OpenStack 6 will be unsupported from the 17th February 2018. This package is shipped to support the installation of Red Hat OpenStack Platform 6 and should not be used. This vulnerability will not be fixed in Red Hat OpenStack Platform 6.

Comment 4 Kurt Seifried 2018-02-07 17:58:14 UTC
Statement:

This issue affects the versions of advancecomp as shipped with Red Hat Satellite 6. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Comment 5 Salvatore Bonaccorso 2018-02-11 20:28:53 UTC
The issue has been forwarded upstream to https://sourceforge.net/p/advancemame/bugs/259/
