oss-sec mailing list archives
Re: Heap overflow and DoS in unzip 6.0
From: cve-assign () mitre org
Date: Sun, 11 Oct 2015 14:06:25 -0400 (EDT)
Two issues were found in unzip 6.0:
Please see our comments about multi-session use cases in the http://www.openwall.com/lists/oss-security/2014/11/04/7 post. Demonstrating that a crash occurs, or that the flow of execution never halts, after entering command-line arguments is not necessarily sufficient for obtaining a CVE ID. We found this:

  http://info-zip.org/FAQ.html#threads
  Can I use the Windows DLLs in a multithreaded application?
  The UnZip DLL is believed to be thread-safe.

which suggests that programs exist that are unzipping files for multiple clients within the same run of the program. (Thread safety is not a critical factor; what is important is that an attacker can cause a denial of service to another person who presented their own ZIP archive independently.)

* A heap overflow triggered by unzipping a file with password (e.g. unzip -p -P x sigsegv.zip)
AddressSanitizer: heap-buffer-overflow on address 0xb5202104 at pc 0x80500c0 bp 0xbfffedb8 sp 0xbfffedac READ of size 1
Use CVE-2015-7696 for this buffer over-read issue.
* A denegation of service with a file that never finishes unzipping (e.g. unzip sigxcpu.zip).
Use CVE-2015-7697.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
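The multi-session concern in the message above, as an added example that is not part of the original message or of Info-ZIP's code: a service that unpacks archives for several clients can run each unzip in its own child process with CPU, memory and wall-clock caps, so a crash or a never-ending extraction costs only that one job. The function names, limit values and paths are assumptions, and the code is Linux/POSIX only.

```python
import os
import resource
import signal
import subprocess

def unzip_command(archive, dest):
    # Hypothetical helper: quiet, overwrite, extract into a per-client directory.
    return ["unzip", "-qq", "-o", os.path.abspath(archive), "-d", os.path.abspath(dest)]

def run_isolated(cmd, cpu_seconds=5, wall_seconds=10, mem_bytes=512 * 1024 * 1024):
    """Run one extraction job in its own process with hard resource caps.

    Returns "ok", "failed", "crashed" or "timeout". The calling service and
    the jobs of other clients keep running in every case.
    """
    def limits():
        # Runs in the child before exec. The kernel sends SIGXCPU at the soft
        # CPU limit and SIGKILL at the hard one, which stops an endless loop.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 1))
        resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))
        resource.setrlimit(resource.RLIMIT_CORE, (0, 0))  # no core dumps of client data

    try:
        proc = subprocess.run(cmd, preexec_fn=limits, timeout=wall_seconds,
                              stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        return "timeout"  # wall-clock cap hit; subprocess.run already killed the child
    if proc.returncode < 0:
        # Negative return code means the child died from a signal.
        sig = -proc.returncode
        if sig in (signal.SIGXCPU, signal.SIGKILL):
            return "timeout"  # CPU cap hit
        return "crashed"      # e.g. SIGSEGV or SIGABRT from a memory-safety bug
    return "ok" if proc.returncode == 0 else "failed"

if __name__ == "__main__":
    # Constructed paths for illustration; substitute the upload and output locations.
    print(run_isolated(unzip_command("upload.zip", "out/client-1")))
```
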