Stack-based Buffer Overflow in DynaZip Max and Related Products
CVE-2008-4420

Currently unrated

Key Information:

Vendor

HP
Status
Openview Performance Agent
Vendor
CVE Published:
13 April 2009

What is CVE-2008-4420?

The vulnerability involves multiple stack-based buffer overflows in DZIP32.DLL and DZIPS32.DLL, affecting several versions of DynaZip Max and TurboZIP. When a long filename is processed during operations such as Fix, Add, Update, or Freshen in ZIP archives, it can allow user-assisted attackers to execute arbitrary code. This issue underscores the critical need for proper input validation in file handling operations.

References

http://www.securitytracker.com/id?1022021
vdb-entryx_refsource_SECTRACK
http://innermedia.com/upgrades.html
x_refsource_MISC
http://www.securityfocus.com/archive/1/441083
mailing-listx_refsource_BUGTRAQ

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.