CVE-2019-16892

Description

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).

Risk Information

Base Score

5.5

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

Exploitation Probability

0.18

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2019-16892 are fixed in Ruby-rubyzip 1.3.0	Windows
Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1	Windows
Vulnerabilities CVE-2019-16892 are fixed in Ruby-rubyzip for Linux 1.3.0	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234