oss-sec mailing list archives

Re: CVE Request: Info-Zip zipinfo buffer overflow


From: "Steven M. Schweda" <sms () antinode info>
Date: Mon, 5 Dec 2016 16:27:38 -0600 (CST)

From: Tyler Hicks <tyhicks () canonical com>

   Thanks for the (thorough, helpful) report.

I appreciate it but Alexis deserves most of the credit.

   The item in the next History.610 file should resemble:

 - In ZipInfo ("-Z", /ZIPINFO) short-format ("-s", /SHORT, default)
   reports, an unexpectedly large compression method value (>999) caused
   a (mostly harmless) buffer overflow, and spoiled the report format.
   Now, values less than 1000 are displayed as before, using a
   three-digit decimal format, "uDDD", but larger values are displayed
   using a four-digit (unlabeled) hexadecimal format, "XXXX".
   https://launchpad.net/bugs/1643750
   (zipinfo.c) [Alexis Vanden Eijnde, Tyler Hicks, SMS]

(Credit is cheap.)

Thanks for the quick fix. Is there a public code repository available so
that we can reference a specific commit that fixes this issue?

   No.  We've been thinking about it, though.

Nope. As you probably noticed, MITRE just assigned a CVE. It likely
helped that you confirmed the issue.

   Swell.  (One fewer thing I need to know.)

 Thanks again!

   Same to you (plural).

------------------------------------------------------------------------

   Steven M. Schweda               sms@antinode-info
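
The display rule in the History.610 item above, as an added example that is not part of the original message and is not Info-ZIP's zipinfo.c code. The function names, the 4-character field with a 5-byte buffer, the uppercase hex digits and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define METHOD_FIELD 4   /* assumed field width: "uDDD" or "XXXX" */

/* Characters (excluding the NUL) that an unbounded "u" + decimal form
   would produce. For values > 999 this exceeds METHOD_FIELD, which is
   the case the History item describes as overflowing the buffer. */
int legacy_len(unsigned method)
{
    return snprintf(NULL, 0, "u%03u", method);
}

/* Bounded formatter following the History item:
   values < 1000 -> "uDDD", larger values -> four hex digits "XXXX".
   Returns 0 when exactly METHOD_FIELD characters were written. */
int format_method(unsigned method, char out[METHOD_FIELD + 1])
{
    int n;

    method &= 0xFFFFu;   /* compression method is a 16-bit ZIP header field */
    if (method < 1000u)
        n = snprintf(out, METHOD_FIELD + 1, "u%03u", method);
    else
        n = snprintf(out, METHOD_FIELD + 1, "%04X", method);
    return (n == METHOD_FIELD) ? 0 : -1;
}

int main(void)
{
    unsigned samples[] = { 8, 99, 999, 1000, 65535 };  /* constructed values */
    char buf[METHOD_FIELD + 1];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (format_method(samples[i], buf) != 0)
            return 1;
        printf("%5u  unbounded form needs %d chars  bounded: %s\n",
               samples[i], legacy_len(samples[i]), buf);
    }
    return 0;
}
```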

