Closed N3vv closed 3 years ago
@gdraheim can we consider this issue fixed?
Yes, I think it's been fixed.
If your PoC doesn't hang in an infinite loop anymore I think you're ok to close this issue
CVE-2020-18442 is assigned for this issue
Has CVE-2020-18442 been fixed? I find that the patch has not been incorporated into the mainline branch.
All the above commits are both part of master and tag v0.13.72. Could you share the link to the patch you can't find in the master branch?
Sorry, it was an oversight on my part. So has CVE-2020-18442 been fixed? I find that the issue is still open.
Hello, I found a bug in zziplib on the latest commit b7747bc. It's in the function unzzip_cat_file (unzzipcat-zip.c:37), and it is caused by incorrect handling of the return value of the function 'zzip_fread'.
Relevant code in function unzzip_cat_file in unzzipcat-zip.c:
POC.zip
Using the POC file, I find that the function zzip_file_read returns -1. And it is handled incorrectly in the caller (unzzip_cat_file), which leads to an infinite loop.
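The failure mode described in this report, as an added example that is not part of the original issue and is not zziplib code: `fake_read` is a hypothetical stand-in reader that keeps returning -1 once it reaches a corrupt entry, and the two loops show the unchecked return value beside a checked one. The iteration cap exists only so the demonstration terminates.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a zzip-style reader (assumption, not zziplib code):
 * returns bytes read, 0 at end of data, -1 on a decode error that repeats. */
struct fake_src { const char *data; size_t len, pos; int corrupt; };

static long fake_read(struct fake_src *s, char *buf, size_t cap)
{
    size_t n = s->len - s->pos;
    if (n == 0) return s->corrupt ? -1 : 0;
    if (n > cap) n = cap;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return (long)n;
}

/* Unchecked pattern: any non-zero return keeps the loop alive, so a
 * persistent -1 never ends it. Returns -2 when max_iters is hit. */
static int cat_unchecked(struct fake_src *s, long max_iters, long *iters)
{
    char buf[8]; long len;
    *iters = 0;
    while ((len = fake_read(s, buf, sizeof buf))) {
        if (++*iters >= max_iters) return -2;  /* would have spun forever */
    }
    return 0;
}

/* Checked pattern: stop on anything <= 0 and report the error upward. */
static int cat_checked(struct fake_src *s, FILE *out, long *iters)
{
    char buf[8]; long len;
    *iters = 0;
    while ((len = fake_read(s, buf, sizeof buf)) > 0) {
        ++*iters;
        if (fwrite(buf, 1, (size_t)len, out) != (size_t)len) return -1;
    }
    return len < 0 ? -1 : 0;
}

int main(void)
{
    struct fake_src a = {"0123456789", 10, 0, 1}, b = a;  /* constructed sample */
    long n;
    int r = cat_unchecked(&a, 1000, &n);
    printf("unchecked: rc=%d after %ld iterations\n", r, n);
    r = cat_checked(&b, stdout, &n);
    printf("\nchecked: rc=%d after %ld iterations\n", r, n);
    return 0;
}
```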