CVE-2018-7726

Name of the Vulnerable Software and Affected Versions: ZZIPlib version 0.13.68

Description: The issue is related to the zzip parse root directory function in the zip.c file of the ZZIPlib library, which can cause a bus error. This can be exploited by attackers to cause a denial of service using a crafted zip file. The vulnerability is also described as a buffer overflow issue in memory, allowing a remote attacker to cause a denial of service with a specially crafted zip file.

Recommendations: For ZZIPlib version 0.13.68, consider avoiding the use of the zzip parse root directory function until a patch is available. As a temporary workaround, restrict the handling of zip files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.