{"schema_version":"1.7.2","id":"OESA-2023-1816","modified":"2023-11-17T11:06:16Z","published":"2023-11-17T11:06:16Z","upstream":["CVE-2020-18770"],"summary":"zziplib security update","details":"The zziplib is a lightweight library to easily extract data from zip files. Applications can bundle files into a single zip archive and access them. The implementation is based only on the (free) subset of compression with the zlib algorithm which is actually used by the zip/unzip tools.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service.(CVE-2020-18770)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"zziplib","purl":"pkg:rpm/openEuler/zziplib\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.13.69-9.oe1"}]}],"ecosystem_specific":{"aarch64":["zziplib-debuginfo-0.13.69-9.oe1.aarch64.rpm","zziplib-0.13.69-9.oe1.aarch64.rpm","zziplib-debugsource-0.13.69-9.oe1.aarch64.rpm","zziplib-devel-0.13.69-9.oe1.aarch64.rpm"],"noarch":["zziplib-help-0.13.69-9.oe1.noarch.rpm"],"src":["zziplib-0.13.69-9.oe1.src.rpm"],"x86_64":["zziplib-debuginfo-0.13.69-9.oe1.x86_64.rpm","zziplib-debugsource-0.13.69-9.oe1.x86_64.rpm","zziplib-0.13.69-9.oe1.x86_64.rpm","zziplib-devel-0.13.69-9.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"zziplib","purl":"pkg:rpm/openEuler/zziplib\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.13.69-9.oe1"}]}],"ecosystem_specific":{"aarch64":["zziplib-devel-0.13.69-9.oe1.aarch64.rpm","zziplib-0.13.69-9.oe1.aarch64.rpm","zziplib-debugsource-0.13.69-9.oe1.aarch64.rpm","zziplib-debuginfo-0.13.69-9.oe1.aarch64.rpm"],"noarch":["zziplib-help-0.13.69-9.oe1.noarch.rpm"],"src":["zziplib-0.13.69-9.oe1.src.rpm"],"x86_64":["zziplib-devel-0.13.69-9.oe1.x86_64.rpm","zziplib-debugsource-0.13.69-9.oe1.x86_64.rpm","zziplib-0.13.69-9.oe1.x86_64.rpm","zziplib-debuginfo-0.13.69-9.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS","name":"zziplib","purl":"pkg:rpm/openEuler/zziplib\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.13.71-5.oe2203sp2"}]}],"ecosystem_specific":{"aarch64":["zziplib-debuginfo-0.13.71-5.oe2203.aarch64.rpm","zziplib-debugsource-0.13.71-5.oe2203.aarch64.rpm","zziplib-devel-0.13.71-5.oe2203.aarch64.rpm","zziplib-0.13.71-5.oe2203.aarch64.rpm","zziplib-debuginfo-0.13.71-5.oe2203sp1.aarch64.rpm","zziplib-devel-0.13.71-5.oe2203sp1.aarch64.rpm","zziplib-debugsource-0.13.71-5.oe2203sp1.aarch64.rpm","zziplib-0.13.71-5.oe2203sp1.aarch64.rpm","zziplib-debuginfo-0.13.71-5.oe2203sp2.aarch64.rpm","zziplib-0.13.71-5.oe2203sp2.aarch64.rpm","zziplib-debugsource-0.13.71-5.oe2203sp2.aarch64.rpm","zziplib-devel-0.13.71-5.oe2203sp2.aarch64.rpm"],"noarch":["zziplib-help-0.13.71-5.oe2203.noarch.rpm","zziplib-help-0.13.71-5.oe2203sp1.noarch.rpm","zziplib-help-0.13.71-5.oe2203sp2.noarch.rpm"],"src":["zziplib-0.13.71-5.oe2203.src.rpm","zziplib-0.13.71-5.oe2203sp1.src.rpm","zziplib-0.13.71-5.oe2203sp2.src.rpm"],"x86_64":["zziplib-debugsource-0.13.71-5.oe2203.x86_64.rpm","zziplib-debuginfo-0.13.71-5.oe2203.x86_64.rpm","zziplib-devel-0.13.71-5.oe2203.x86_64.rpm","zziplib-0.13.71-5.oe2203.x86_64.rpm","zziplib-debuginfo-0.13.71-5.oe2203sp1.x86_64.rpm","zziplib-devel-0.13.71-5.oe2203sp1.x86_64.rpm","zziplib-debugsource-0.13.71-5.oe2203sp1.x86_64.rpm","zziplib-0.13.71-5.oe2203sp1.x86_64.rpm","zziplib-0.13.71-5.oe2203sp2.x86_64.rpm","zziplib-debuginfo-0.13.71-5.oe2203sp2.x86_64.rpm","zziplib-debugsource-0.13.71-5.oe2203sp2.x86_64.rpm","zziplib-devel-0.13.71-5.oe2203sp2.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"zziplib","purl":"pkg:rpm/openEuler/zziplib\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.13.71-5.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["zziplib-debuginfo-0.13.71-5.oe2203sp1.aarch64.rpm","zziplib-devel-0.13.71-5.oe2203sp1.aarch64.rpm","zziplib-debugsource-0.13.71-5.oe2203sp1.aarch64.rpm","zziplib-0.13.71-5.oe2203sp1.aarch64.rpm"],"noarch":["zziplib-help-0.13.71-5.oe2203sp1.noarch.rpm"],"src":["zziplib-0.13.71-5.oe2203sp1.src.rpm"],"x86_64":["zziplib-debuginfo-0.13.71-5.oe2203sp1.x86_64.rpm","zziplib-devel-0.13.71-5.oe2203sp1.x86_64.rpm","zziplib-debugsource-0.13.71-5.oe2203sp1.x86_64.rpm","zziplib-0.13.71-5.oe2203sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP2","name":"zziplib","purl":"pkg:rpm/openEuler/zziplib\u0026distro=openEuler-22.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.13.71-5.oe2203sp2"}]}],"ecosystem_specific":{"aarch64":["zziplib-debuginfo-0.13.71-5.oe2203sp2.aarch64.rpm","zziplib-0.13.71-5.oe2203sp2.aarch64.rpm","zziplib-debugsource-0.13.71-5.oe2203sp2.aarch64.rpm","zziplib-devel-0.13.71-5.oe2203sp2.aarch64.rpm"],"noarch":["zziplib-help-0.13.71-5.oe2203sp2.noarch.rpm"],"src":["zziplib-0.13.71-5.oe2203sp2.src.rpm"],"x86_64":["zziplib-0.13.71-5.oe2203sp2.x86_64.rpm","zziplib-debuginfo-0.13.71-5.oe2203sp2.x86_64.rpm","zziplib-debugsource-0.13.71-5.oe2203sp2.x86_64.rpm","zziplib-devel-0.13.71-5.oe2203sp2.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1816"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-18770"}],"database_specific":{"severity":"Medium"}}