References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Known Affected Software Configurations Switch to CPE 2.2

Change History

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787

https://gist.github.com/sgInnora/107f2eb20367e47d58c911e38d56a91f

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787

OR
          *cpe:2.3:a:hashcat:hashcat:7.1.2:*:*:*:*:*:*:*

MITRE: https://gist.github.com/sgInnora/107f2eb20367e47d58c911e38d56a91f Types: Exploit, Mitigation, Third Party Advisory

A heap-based buffer overflow in hex_to_binary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash file. The issue affects modules 17200, 17210, 17220, 17225, and 17230. When data_type_enum<=1, attacker-controlled hex data from a user-supplied hash string is decoded into a fixed-size buffer without proper input-length validation.

https://gist.github.com/sgInnora/107f2eb20367e47d58c911e38d56a91f