[3.9] zutils: Heap-based buffer overflow (CVE-2018-1000637) (#9332) · Issues · alpine / aports

[3.9] zutils: Heap-based buffer overflow (CVE-2018-1000637)

zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential
denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted
compressed file. This vulnerability appears to have been fixed in 1.8-pre2.

References:

https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html
https://nvd.nist.gov/vuln/detail/CVE-2018-1000637
http://openwall.com/lists/oss-security/2018/08/22/2

(from redmine: issue id 9332, created on 2018-08-23, closed on 2018-08-27)

Relations:
- copied_to #9331 (closed)
- parent #9331 (closed)
Changesets:
- Revision d031b70d by Natanael Copa on 2018-08-23T12:48:48Z:

community/zutils: security fix (CVE-2018-1000637)

fixes #9332

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information