CVE-2017-18258: Allocation of Resources Without Limits or Throttling

April 8, 2018 (updated September 10, 2020)

The xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

References

nvd.nist.gov/vuln/detail/CVE-2017-18258

Detect and mitigate CVE-2017-18258 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →