PT-2018-3718 · Info Zip+2 · Info-Zip Unzip+2

Published: 2018-07-06 · Updated: 2025-10-03 · CVE-2018-13410

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Info-ZIP Zip version 3.0

Description

The issue is related to the use of memory after it has been freed, which can allow a remote attacker to access confidential information or cause a denial of service. The vulnerability is associated with the use of the -T and -TT command-line options, which can lead to an off-by-one error. This error may cause an invalid free and application crash, or possibly have other unspecified impacts. However, it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value.

Recommendations

As a temporary workaround, consider disabling the use of the -T and -TT command-line options until a patch is available. Restrict access to the arbitrary command execution feature provided by the -TT option to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2025-12487
ALT-PU-2025-12491
AZL-35398
AZL-7012
BDU:2021-03766
CVE-2018-13410
ECHO-87CD-2F0B-7F87
ROSA-SA-2024-2472

Affected Products

Alt Linux
Debian
Info-Zip Unzip