oss-sec mailing list archives
Re: CVE Request: Info-ZIP unzip 6.0
From: mancha <mancha1 () zoho com>
Date: Tue, 20 Jan 2015 18:08:34 +0000
On Mon, Dec 22, 2014 at 06:14:58PM +0000, mancha wrote:
> Hello. OOB access (both read and write) issues exist in test_compr_eb (extract.c) that can result in application crash or other unspecified impact. This vulnerability can be triggered via crafted zip archives with extra fields that advertise STORED method compression (i.e. no compression) and have uncompressed field sizes smaller than the corresponding compressed field sizes. This issue is different from CVE-2014-8140 [1].
>
> Please allocate a CVE identifier for this vulnerability.
>
> --mancha
>
> Timeline:
> 2014-10-24: Crasher bundled in afl
> 2014-11-02: Existence of crasher shared on OSS-SEC [2]
> 2014-11-03: Crasher analyzed and fix developed [3]
> 2014-11-03: Maintainer contacted [4]
> 2014-12-22: CVE requested
>
> ----
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8140
> [2] http://seclists.org/oss-sec/2014/q4/489
> [3] http://seclists.org/oss-sec/2014/q4/507
> [4] http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
Hello MITRE. This request seems to have fallen through the cracks. Please advise on its status. Many thanks. --mancha
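The size-consistency check implied by the report above, as an added example that is not mancha's code and not Info-ZIP's extract.c: it uses an assumed, simplified extra-field block layout (uncompressed size, method, CRC, payload) and rejects a STORED block whose advertised uncompressed size does not match the payload actually present before anything is copied.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for this example (not the exact Info-ZIP structure):
 * 4-byte LE uncompressed size, 2-byte LE method, 4-byte CRC, then payload. */
#define EB_METHOD_OFF 4
#define EB_HEADER_LEN 10
#define METHOD_STORED 0

enum { EB_OK = 0, EB_TRUNC, EB_UNSUPPORTED, EB_SIZE_MISMATCH, EB_TOO_BIG };

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy a STORED extra-field payload into out[] only after the advertised
 * uncompressed size, the payload actually present and the destination all
 * agree. Copying the payload length into a buffer sized from a smaller
 * advertised size is the out-of-bounds access the report describes. */
int eb_stored_extract(const uint8_t *eb, size_t eb_size,
                      uint8_t *out, size_t out_size, size_t *out_len)
{
    if (eb_size < EB_HEADER_LEN) return EB_TRUNC;      /* header truncated */
    uint32_t ucsize = rd32le(eb);
    uint16_t method = (uint16_t)(eb[EB_METHOD_OFF] | eb[EB_METHOD_OFF + 1] << 8);
    size_t csize = eb_size - EB_HEADER_LEN;            /* bytes really present */
    if (method != METHOD_STORED) return EB_UNSUPPORTED;
    if (csize != ucsize) return EB_SIZE_MISMATCH;      /* STORED: must be equal */
    if (ucsize > out_size) return EB_TOO_BIG;          /* destination too small */
    memcpy(out, eb + EB_HEADER_LEN, ucsize);
    *out_len = ucsize;
    return EB_OK;
}

/* Constructed sample block: 6-byte STORED payload, CRC left zero (not checked
 * here); the caller picks the advertised uncompressed size. */
int eb_demo(uint32_t advertised_ucsize)
{
    static const uint8_t payload[6] = "extra";
    uint8_t eb[EB_HEADER_LEN + sizeof payload] = {0}, out[sizeof payload];
    size_t out_len = 0;
    for (int i = 0; i < 4; i++) eb[i] = (uint8_t)(advertised_ucsize >> (8 * i));
    memcpy(eb + EB_HEADER_LEN, payload, sizeof payload);
    return eb_stored_extract(eb, sizeof eb, out, sizeof out, &out_len);
}

int main(void)
{
    printf("consistent: %d, undersized ucsize: %d\n", eb_demo(6), eb_demo(2));
    return 0;
}
```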