Date: Tue, 15 Sep 2015 18:03:57 +0200
From: Stefan Cornelius <>
Subject: Re: Heap overflow and DoS in unzip 6.0

On Mon, 7 Sep 2015 08:57:20 -0300
Gustavo Grieco <> wrote:

> Hello,
> Two issues were found in unzip 6.0:
> * A heap overflow triggered by unzipping a file with password (e.g.
> unzip -p -P x
> * A denial of service with a file that never finishes unzipping
> (e.g. unzip
> Upstream is notified. Nevertheless the test cases as well as the
> valgrind and the address sanitizer reports of the heap overflow case
> are attached (as a single file) in case someone wants to provide some
> feedback. These issues were found with QuickFuzz.
> Regards,
> Gustavo.

Can CVEs be assigned?

Thanks in advance,
Stefan Cornelius / Red Hat Product Security
