Search CVE reports
1 – 10 of 13 results
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE:...
3 affected packages
zlib, rsync, klibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| zlib | Not affected | Not affected | Not affected | Not affected |
| rsync | Not affected | Not affected | Not affected | Not affected |
| klibc | Not affected | Not affected | Not affected | Not affected |
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle...
3 affected packages
rsync, zlib, klibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rsync | Not affected | Not affected | Fixed | Fixed |
| zlib | Not affected | Fixed | Fixed | Fixed |
| klibc | Fixed | Fixed | Fixed | Fixed |
Some fixes available 4 of 6
An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow.
1 affected package
klibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| klibc | — | Not affected | Fixed | Fixed |
Some fixes available 4 of 6
An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact.
1 affected package
klibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| klibc | — | Not affected | Fixed | Fixed |
Some fixes available 4 of 6
An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.
1 affected package
klibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| klibc | — | Not affected | Fixed | Fixed |
Some fixes available 4 of 6
An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow.
1 affected package
klibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| klibc | — | Not affected | Fixed | Fixed |
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
5 affected packages
rsync, zlib, mariadb-10.3, mariadb-10.6, klibc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rsync | Not affected | Not affected | Fixed | Fixed |
| zlib | Fixed | Fixed | Fixed | Fixed |
| mariadb-10.3 | — | Not in release | Fixed | Not in release |
| mariadb-10.6 | Not in release | Fixed | Not in release | Not in release |
| klibc | Fixed | Fixed | Fixed | Fixed |
Some fixes available 16 of 30
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
4 affected packages
zlib, rsync, klibc, zsync
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| zlib | Not affected | Not affected | Not affected | Not affected |
| rsync | Fixed | Fixed | Fixed | Fixed |
| klibc | Needs evaluation | Not affected | Not affected | Not affected |
| zsync | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 16 of 30
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
4 affected packages
zlib, rsync, klibc, zsync
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| zlib | Not affected | Not affected | Not affected | Not affected |
| rsync | Fixed | Fixed | Fixed | Fixed |
| klibc | Needs evaluation | Not affected | Not affected | Not affected |
| zsync | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 25 of 36
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
4 affected packages
zlib, rsync, klibc, zsync
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| zlib | Not affected | Not affected | Not affected | Not affected |
| rsync | Fixed | Fixed | Fixed | Fixed |
| klibc | Fixed | Fixed | Fixed | Fixed |
| zsync | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |