7 Dec 2017
12 Jul 2012
How to fix?
There is no fix version for
zipruby provides Ruby bindings for libzip.
Affected versions of the package are vulnerable to Arbitrary Code Execution.
Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak.
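
The following is an added example, not code from libzip, zipruby or any upstream patch: it shows one overflow-safe way to validate the central directory size and offset read from a zip archive before they are used. The names `check_central_dir` and `demo` are hypothetical, and the sample archive tail is constructed in the code.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EOCD_MIN 22u  /* fixed part of the end-of-central-directory record */
enum cd_status { CD_OK = 0, CD_NO_EOCD, CD_OUT_OF_BOUNDS, CD_BAD_COUNT };

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Locate the EOCD record by scanning backwards, then validate the central
 * directory's size and offset against the real buffer length. */
enum cd_status check_central_dir(const uint8_t *buf, size_t len,
                                 uint32_t *cd_off, uint32_t *cd_size)
{
    size_t eocd;
    if (len < EOCD_MIN) return CD_NO_EOCD;
    for (eocd = len - EOCD_MIN; memcmp(buf + eocd, "PK\5\6", 4) != 0; eocd--)
        if (eocd == 0) return CD_NO_EOCD;

    uint16_t entries = (uint16_t)(buf[eocd + 10] | buf[eocd + 11] << 8);
    uint32_t size = le32(buf + eocd + 12);
    uint32_t off  = le32(buf + eocd + 16);

    /* A naive 32-bit "off + size <= eocd" wraps for large values.
     * Compare by subtraction so no intermediate result can overflow. */
    if (off > eocd || size > eocd - off) return CD_OUT_OF_BOUNDS;
    /* Every central directory entry has a 46-byte fixed header. */
    if ((uint64_t)entries * 46u > size) return CD_BAD_COUNT;
    *cd_off = off; *cd_size = size;
    return CD_OK;
}

/* Constructed sample: 46 zero bytes standing in for one directory entry,
 * followed by an EOCD record carrying the given size and offset. */
enum cd_status demo(uint32_t size, uint32_t off)
{
    uint8_t buf[46 + EOCD_MIN] = { 0 };
    uint8_t *e = buf + 46;
    uint32_t o, s;
    memcpy(e, "PK\5\6", 4);
    e[10] = 1;                                   /* total entries = 1 */
    for (int i = 0; i < 4; i++) {
        e[12 + i] = (uint8_t)(size >> (8 * i));
        e[16 + i] = (uint8_t)(off >> (8 * i));
    }
    return check_central_dir(buf, sizeof buf, &o, &s);
}
```

With size `0xFFFFFFF0` and offset `0x20`, a 32-bit sum wraps to `0x10` and would pass a naive bounds check; the subtraction form rejects it.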