oss-sec mailing list archives

Re: Heap overflow and DoS in unzip 6.0


From: cve-assign () mitre org
Date: Sun, 11 Oct 2015 14:06:25 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Two issues were found in unzip 6.0:

Please see our comments about multi-session use cases in the
http://www.openwall.com/lists/oss-security/2014/11/04/7 post.
Demonstrating that a crash occurs, or that the flow of execution never
halts, after entering command-line arguments is not necessarily
sufficient for obtaining a CVE ID.

We found this:

  http://info-zip.org/FAQ.html#threads
  Can I use the Windows DLLs in a multithreaded application?

  The UnZip DLL is believed to be thread-safe.

which suggests that programs exist that are unzipping files for
multiple clients within the same run of the program. (Thread safety is
not a critical factor; what is important is that an attacker can cause
a denial of service to another person who presented their own ZIP
archive independently.)

* A heap overflow triggered by unzipping a file with a password (e.g., unzip -p
-P x sigsegv.zip)

AddressSanitizer: heap-buffer-overflow on address 0xb5202104 at pc 0x80500c0 bp 0xbfffedb8 sp 0xbfffedac
READ of size 1

Use CVE-2015-7696 for this buffer over-read issue.


* A denial of service with a file that never finishes unzipping (e.g.,
unzip sigxcpu.zip).

Use CVE-2015-7697.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
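
The multi-client concern raised in the message, as an added example (not part of the original message and not Info-ZIP code): a service that extracts archives for several clients runs each extraction in its own child process with a CPU limit and a wall-clock timeout, so a crash or a never-ending extraction affects only the client who submitted that archive. The function names, the limits and the stand-in child commands are assumptions; a real caller would pass its unzip command line as `argv`.

```python
import resource
import signal
import subprocess
import sys


def _child_limits(cpu_seconds):
    """Build a preexec hook that caps CPU time in the child only."""
    def apply():
        _, hard = resource.getrlimit(resource.RLIMIT_CPU)
        soft = cpu_seconds if hard == resource.RLIM_INFINITY else min(cpu_seconds, hard)
        # Exceeding the soft limit delivers SIGXCPU, which terminates the child.
        resource.setrlimit(resource.RLIMIT_CPU, (soft, hard))
    return apply


def run_contained(argv, cpu_seconds=5, wall_seconds=10):
    """Run one extraction command in a child process and classify how it ended."""
    try:
        proc = subprocess.run(argv, preexec_fn=_child_limits(cpu_seconds),
                              timeout=wall_seconds, stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        return ("timeout", None)          # subprocess.run has already killed the child
    if proc.returncode < 0:               # negative value: terminated by a signal
        return ("killed", signal.Signals(-proc.returncode).name)
    return ("ok" if proc.returncode == 0 else "error", proc.returncode)


def process_uploads(jobs, **limits):
    """jobs maps client id -> argv; one client's failure never stops the rest."""
    return {client: run_contained(argv, **limits) for client, argv in jobs.items()}


# Constructed stand-ins for the behaviours in the report (assumptions, not the
# real archives): a crash, a CPU-bound loop that never finishes, a normal run.
DEMO_JOBS = {
    "client-a": [sys.executable, "-c", "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"],
    "client-b": [sys.executable, "-c", "while True: pass"],
    "client-c": [sys.executable, "-c", "pass"],
}

if __name__ == "__main__":
    results = process_uploads(DEMO_JOBS, cpu_seconds=1, wall_seconds=10)
    for client, outcome in results.items():
        print(client, outcome)
```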

