oCERT-2014-011 UnZip input sanitization errors
Description:
The UnZip tool is an open source extraction utility for archives compressed in the zip format.
The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the test_compr_eb() and the getZip64Data() functions. The input errors may result in arbitrary code execution.
A specially crafted zip file, passed to unzip -t, can be used to trigger the vulnerability.
Affected version:
UnZip <= 6.0
Fixed version:
UnZip, N/A
Credit: vulnerability report from Michele Spagnuolo of Google Security Team <mikispag AT google.com>.
CVE: CVE-2014-8139 (CRC32 heap overflow), CVE-2014-8140 (test_compr_eb), CVE-2014-8141 (getZip64Data)
Timeline:2014年12月03日: vulnerability report received
2014年12月03日: contacted maintainer
2014年12月03日: first patch provided by maintainer
2014年12月04日: report provides additional reproducers
2014年12月03日: second patch provided by maintainer
2014年12月04日: reporter confirms patch
2014年12月10日: contacted affected vendors
2014年12月12日: assigned CVEs
2014年12月22日: advisory release
2014年12月24日: references update
References:
http://www.info-zip.org/UnZip.html
https://bugzilla.redhat.com/show_bug.cgi?id=1174844
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8140
https://bugzilla.redhat.com/show_bug.cgi?id=1174856