PT-2018-9960 · Advancecomp+2 · Advancecomp+2

Joonun Jang

Published

2018-02-08

Updated

2022-01-21

CVE-2018-1056

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: advancecomp versions prior to 2.1-2018/02

Description: An out-of-bounds heap buffer read flaw was found in the way advancecomp handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.

Recommendations: For versions prior to 2.1-2018/02, update to version 2.1-2018/02 or later to resolve the issue.

Exploit

Fix

Out of bounds Read

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-122

Related Identifiers

ALT-PU-2018-1669

CVE-2018-1056

DLA-1281-1

DLA-1702-1

DLA-2868-1

MGASA-2018-0141

USN-3570-1

Affected Products

Alt Linux

Ubuntu

Advancecomp

PT-2018-9960 · Advancecomp+2 · Advancecomp+2

CVE-2018-1056

Weakness Enumeration

Related Identifiers

Affected Products

References · 38