CVE Vulnerabilities

CVE-2019-13453

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Jul 17, 2019 | Modified: Jun 02, 2022
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32() and zipfile.cpp:Zipfile::Zipfile().

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Zipios Zipios_project * 0.1.7 (excluding)
Flightcrew Ubuntu bionic *
Flightcrew Ubuntu cosmic *
Flightcrew Ubuntu devel *
Flightcrew Ubuntu disco *
Flightcrew Ubuntu esm-apps/bionic *
Flightcrew Ubuntu esm-apps/xenial *
Flightcrew Ubuntu trusty *
Flightcrew Ubuntu upstream *
Flightcrew Ubuntu xenial *
Zipios++ Ubuntu bionic *
Zipios++ Ubuntu cosmic *
Zipios++ Ubuntu devel *
Zipios++ Ubuntu disco *
Zipios++ Ubuntu esm-apps/bionic *
Zipios++ Ubuntu esm-apps/xenial *
Zipios++ Ubuntu trusty *
Zipios++ Ubuntu trusty/esm *
Zipios++ Ubuntu upstream *
Zipios++ Ubuntu xenial *

References