{
  "threat_severity" : "Low",
  "public_date" : "2018-02-02T00:00:00Z",
  "bugzilla" : {
    "description" : "zziplib: bus error in zzip_disk_findfirst function in zzip/mmapped.c",
    "id" : "1542261",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1542261"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-131",
  "details" : [ "In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.", "An unaligned memory access bug was found in the way ZZIPlib handled ZIP files. This flaw could potentially be used to crash the application using ZZIPlib by tricking the application into processing specially crafted ZIP files." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "zziplib",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "zziplib",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-6540\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6540" ],
  "name" : "CVE-2018-6540",
  "csaw" : false
}