ZZIPlib provides read access to ZIP archives and unpacked data. It features an additional simplified API following the standard POSIX API for file access.
Stack-buffer-overflow in unzzip_cat_file function in src/bins/unzzipcat-zip.c #70
Hi, there.
A stack-buffer-overflow was discovered in the unzzip_cat_file function in src/bins/unzzipcat-zip.c, as distributed in zziplib 0.13.69. A crafted compressed file can cause segmentation faults, and I have confirmed them with AddressSanitizer too.
Here are the POC files. Please use "./unzzip $POC" to reproduce the error.
POC.zip
git log
commit b7747bc40a66ccdfa4860957e989db6dd8f0eb92
The ASAN dumps the stack trace as follows: