9.8

CVE-2017-12858

Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibzipLibzip Version1.2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.29% 0.87
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-415 Double Free

The product calls free() twice on the same memory address.

http://www.securityfocus.com/bid/100459
Third Party Advisory
VDB Entry
https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796
Patch
Third Party Advisory