WS-2020-0368 (Medium) detected in zlib-sync0.1.4, erlpack0.1.4 #53

ioanaghews · 2022-02-08T12:50:17Z

WS-2020-0368 - Medium Severity Vulnerability

Vulnerable Libraries - zlib-sync0.1.4, erlpack0.1.4

Vulnerability Details

Zlib in versions v0.8 to v1.2.11 is vulnerable to use-of-uninitialized-value in inflate.
There are a couple of places in inflate() where UPDATE is called with state->check as its first parameter, without a guarantee that this value has been initialized (state comes from a ZALLOC in inflateInit). This causes use of uninitialized check value.

Publish Date: 2020-02-22

URL: WS-2020-0368

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

ioanaghews bot added the security vulnerability Security vulnerability detected by WhiteSource label Feb 8, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2020-0368 (Medium) detected in zlib-sync0.1.4, erlpack0.1.4 #53

WS-2020-0368 (Medium) detected in zlib-sync0.1.4, erlpack0.1.4 #53

ioanaghews bot commented Feb 8, 2022

WS-2020-0368 (Medium) detected in zlib-sync0.1.4, erlpack0.1.4 #53

WS-2020-0368 (Medium) detected in zlib-sync0.1.4, erlpack0.1.4 #53

Comments

ioanaghews bot commented Feb 8, 2022

WS-2020-0368 - Medium Severity Vulnerability