Closed. ncopa closed this issue 6 years ago.
I have only referenced those with a patch in downstream Opensuse.
zzip_mem_entry_new() has been modified in 98403bb3c0661e56a2185777fd244ba3a67bc220 however.
The reference zip-file produces an error code like
00154-zziplib-nullptr-zzip_mem_entry_new: Invalid or incomplete multibyte or wide character
Not all occurrences are fixed => leaving this open.
./unzzip-big ~/Downloads/00154-zziplib-nullptr-zzip_mem_entry_new Speicherzugriffsfehler (Speicherabzug geschrieben)
Note that the original bug is fixed and covered by test_59807
But the same data makes for a bus error in test_59806
fixed test_59806
after reorganizing testcases it is now test_59802
checking back with v0.13.67 there is no problem to be seen.
checking back with v0.13.62 the testcase does show a bus error.
As the testcase is fine in the last versions, this issue may be regarded as => fixed
I could not find any commit message that says that CVE-2017-5980 is fixed.
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.
From https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip_mem_entry_new-memdisk-c/
Reproducer: https://github.com/asarubbo/poc/blob/master/00154-zziplib-nullptr-zzip_mem_entry_new
If this is already fixed, then please tell which commit has the fix and which version and close this issue. Thanks!