Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Mageia 9 MGASA-2024-0289 Critical: zziplib Denial of Service

mageia
Calendar Grey September 10, 2024
Dist Mageia Esm H88
The Mageia security advisory MGASA-2024-0290 tackles a critical vulnerability in zziplib, which involves a stack buffer overflow, aiming to prevent potential denial of service incidents.
A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c

Summary

A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c. (CVE-2024-39134)

References

- https://bugs.mageia.org/show_bug.cgi?id=33527

- https://lists.suse.com/pipermail/sle-security-updates/2024-August/019205.html

- https://www.cve.org/CVERecord?id=CVE-2024-39134

Topics%20covered

Topics Covered

security advisory denial of service critical issue zziplib stack buffer overflow mageia

Resolution

SRPMS

- 9/core/zziplib-0.13.72-2.2.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 10 Sep 2024
URL: https://advisories.mageia.org/MGASA-2024-0289.html
Type: security
CVE: CVE-2024-39134

Topics%20covered

Topics Covered

security advisory denial of service critical issue zziplib stack buffer overflow mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here