CVE-2019-16892

Published: Sep 25, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/rubyzip/rubyzip/pull/403

FEDORA-2019-0182d0b304

vendor-advisory

FEDORA-2019-8ecd991303

vendor-advisory

FEDORA-2019-52445dce42

vendor-advisory

RHBA-2019:4047

vendor-advisory

RHSA-2019:4201

vendor-advisory

https://github.com/rubyzip/rubyzip/commit/d65fe7bd283ec94f9d6dc7605f61a6b0dd00f55e

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-16892

Description

Affected Products

References