Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 5 Dec 2016 17:12:17 -0500
From: <cve-assign@...re.org>
To: <tyhicks@...onical.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<security@...ntu.com>, <sms@...inode.info>
Subject: Re: CVE Request: Info-Zip zipinfo buffer overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://launchpad.net/bugs/1643750

> The zipinfo buffer overflow occurs due to a flaw in zipinfo.c's
> zi_short() function:

> #11 zi_short () at zipinfo.c:1986
> #12 zipinfo () at zipinfo.c:919
> #13 0x000000000041144a in do_seekable (lastchance=lastchance@...ry=0) at
> process.c:974
> #14 0x0000000000411bdf in process_zipfiles () at process.c:401
> #15 0x0000000000404191 in unzip (argc=0, argv=0x7fffffffe628) at
> unzip.c:1278

> The overflow occurs when the two-byte compression method field in the
> central directory file header is greater then 999.

Use CVE-2016-9844.


> consider assigning a CVE to the related
> `unzip -l` issue from 2014.

>> http://www.openwall.com/lists/oss-security/2014/11/03/5
>> 
>> list_files() in list.c
>> 
>> sprintf(&methbuf[4], "%03u"
>> 
>> *printf() field-width format specifiers don't restrict the length of the
>> output

Use CVE-2014-9913.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYReVRAAoJEHb/MwWLVhi2sDQP+wZ1soybVzOtLc5BTXlHE6fD
48H0AW+qIG6eKrzxUWfi+Boo3xs3mwSqLnqTBrLiqGqbxLk4ssJjFVYvRkEKPAHn
Y6OeAgO6scW7m9EtP/bZiOuDionz8uS04hZmLq4RgJu/VXjj7SDP1MSHBRHYECZI
wWpL5NZyBpv8Z2ZAs2Cn92piP4rvAXzVXt5Qxi1ay5O4II+PXYtDkBMlh88r4GVt
j6+9fjcpuG2S9lG3t7/O4oU99vaCRfDqFgwMZE62J8N3l9Fs+Z6zngr+rGu2m4xr
kx6Ox5QWsuNVWLGULs6gy7ZI7845dc3HppZEBG+jjN8rhPTtwRWaAgwftsDYIRUW
ZuUMLWyoTjinvqeAJE6PRhzmYXNfZ4ghMe82+QnF5ssMdJQP/S89EFyJGok7e0Ei
Ie8qNpOtkm+TByyc161pEYyP3v3oMoMMZMi7znVEg2cR8tupeu7SeX8EvczEtxkI
4p5wQcZvIFq0ugIaTJ0tHqru5Iw60xCYmitNyd+91PEiO7hT6/5DShXJ90XLt9E5
ozYURyrOsu5JmAsE7P34vGHQpqAXzU4DJQ3Y8136T798t3o4qUU5zMPV3T7StC5z
R8yU9YOFetQwToSoEfzulELaYES+GT8jHjf/5q1JFzFBZWQvd8lqBvf/rm7yF3Tm
qUheoN1jfmydELo6uwea
=sfNe
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.