InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to cause a denial of service (NullPointerException) via an invalid block of deflated data.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jcraft | jzlib | 0.0.2 |
| jcraft | jzlib | 0.0.6 |
| jcraft | jzlib | 0.0.4 |
| jcraft | jzlib | 0.0.3 |
| jcraft | jzlib | 0.0.1 |
| jcraft | jzlib | 0.0.5 |
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jcraft | jsch | * |