Vulnerability Description
zutils versions prior to 1.8-pre2 contain a buffer overflow vulnerability in zcat that can result in potential denial of service or arbitrary code execution. The attack appears to be exploitable via the victim opening a crafted compressed file. The vulnerability appears to have been fixed in 1.8-pre2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nongnu | Zutils | <= 1.8 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://bugs.debian.org/904819 (Issue Tracking, Mailing List, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/09/msg00016.html (Mailing List, Third Party Advisory)
- https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html (Mailing List, Third Party Advisory)
FAQ
What is CVE-2018-1000637?
CVE-2018-1000637 is a vulnerability with a CVSS score of 7.8 (HIGH). zutils versions prior to 1.8-pre2 contain a buffer overflow vulnerability in zcat that can result in potential denial of service or arbitrary code execution. This attack appears to be exploitab...
How severe is CVE-2018-1000637?
CVE-2018-1000637 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-1000637?
Check the references section above for vendor advisories and patch information. Affected products include: Nongnu Zutils, Debian Debian Linux.