CVE-2018-1000637
Last modified
CVE-2018-1000637 is a vulnerability of currently unknown severity. zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. EPSS estimates a 1.68% chance of exploitation in the next 30 days.
Description
zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Nongnu | Zutils | <= 1.8 | — |
| Nongnu | Zutils | 1.8 | Pre1 |
| Debian | Debian Linux | 8.0 | — |
References
- https://bugs.debian.org/904819Issue Tracking, Mailing List, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/09/msg00016.htmlMailing List, Third Party Advisory
- https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.htmlMailing List, Third Party Advisory
- https://bugs.debian.org/904819Issue Tracking, Mailing List, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/09/msg00016.htmlMailing List, Third Party Advisory
- https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.htmlMailing List, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000637?
How severe is CVE-2018-1000637?
How do I fix CVE-2018-1000637?
Are you affected by CVE-2018-1000637?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST