Intrusion PreventionGNU.Libextractor.ZIP.File.Comment.Out.of.Bounds.Read
Description
This indicates an attack attempt to exploit an Out of Bounds Read Vulnerability in GNU Libextractor.
The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted ZIP file. An attacker can exploit this to disclose arbitrary files on the affected machine via a crafted ZIP file.
Affected Products
GNU Libextractor prior to 1.8
GNU Libextractor prior to 1:1.3-4+deb9u2
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor:
https://gnunet.org/bugs/view.php?id=5405
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-08-15 | 21.373 | Sig Added |
| 2019-06-06 | 14.627 | Severity:medium:high |
| 2018-11-13 | 13.489 | Sig Added |
| 2018-10-31 | 13.482 | Default_action:pass:drop |
| 2018-09-26 | 13.458 |
| ID | 46941 |
| Created | Oct 03, 2018 |
| Updated | Aug 12, 2022 |
| Risk |
|
| CVE ID | CVE-2018-16430 |
| Exploit Prediction Score | 18.56% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, BSD, MacOS |
| Affected App | Other |