Closed ncopa closed 7 years ago
I have merged downstream from openSUSE where there was no patch for CVE-2017-5977.
However, a similar problem has resulted in deprecating zzip_mem_entry_extra_block and using a new implementation that does check memory boundaries more thoroughly. That is included in commits 1e5b1ac48186e34e871945769623becfa3650956 and 9e8f867a976311a3e5fb0184c947e22ec35f2fcb.
I have checked with the referenced zip-file, which is being extracted without a problem.
    ./unzzip -v ~/Downloads/00153-zziplib-invalidread-zzip_mem_entry_extra_block
    3/3 stored test
    ./unzzip ~/Downloads/00153-zziplib-invalidread-zzip_mem_entry_extra_block
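The kind of boundary checking the comment above refers to, shown as an added example that is not zziplib's code and is not taken from the referenced commits. It walks a ZIP extra field (records of 2-byte ID, 2-byte size, then data, all little-endian) and rejects a record whose declared size runs past the buffer; `extra_find`, `rd16` and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a 16-bit little-endian value (ZIP fields are little-endian). */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Hypothetical helper: find the record with header ID `want` in an extra
 * field of `len` bytes. Returns a pointer to the record data and stores its
 * length in *out_len, or returns NULL if the record is absent or malformed. */
const uint8_t *extra_find(const uint8_t *extra, size_t len, uint16_t want, size_t *out_len)
{
    size_t off = 0;
    while (len - off >= 4) {            /* a full 4-byte record header must fit */
        uint16_t id = rd16(extra + off);
        size_t size = rd16(extra + off + 2);
        off += 4;
        if (size > len - off)           /* declared size exceeds what is left */
            return NULL;                /* reject before touching the data */
        if (id == want) { *out_len = size; return extra + off; }
        off += size;                    /* off stays <= len, so no underflow above */
    }
    return NULL;                        /* not found, or trailing partial header */
}

/* Constructed samples (not from the reproducer file). */
static const uint8_t good_extra[] = { 0x55, 0x54, 0x01, 0x00, 0xAA,        /* id 0x5455, 1 byte  */
                                      0x01, 0x00, 0x02, 0x00, 0x10, 0x20 };/* id 0x0001, 2 bytes */
static const uint8_t bad_extra[]  = { 0x01, 0x00, 0xFF, 0xFF, 0x10 };      /* claims 65535, has 1 */
static const uint8_t short_extra[] = { 0x01, 0x00, 0x02 };                 /* truncated header   */

int main(void)
{
    size_t n = 0;
    const uint8_t *p = extra_find(good_extra, sizeof good_extra, 0x0001, &n);
    printf("good:  %s (%zu bytes)\n", p ? "found" : "missing", n);
    p = extra_find(bad_extra, sizeof bad_extra, 0x0001, &n);
    printf("bad:   %s\n", p ? "found" : "rejected");
    p = extra_find(short_extra, sizeof short_extra, 0x0001, &n);
    printf("short: %s\n", p ? "found" : "rejected");
    return 0;
}
```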
I could not find any commit message that says that CVE-2017-5977 is fixed.
From: https://blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip_mem_entry_extra_block-memdisk-c/
Reproducer: https://github.com/asarubbo/poc/blob/master/00153-zziplib-invalidread-zzip_mem_entry_extra_block
If this is fixed, then please add a comment that tells which commit fixes it (and which version that includes the fix) and close this issue.
Thanks!