Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <1d75d139d90f46fba7f6a0d40d662274@imshyb02.MITRE.ORG>
Date: Mon, 5 Dec 2016 17:12:17 -0500
From: <cve-assign@...re.org>
To: <tyhicks@...onical.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<security@...ntu.com>, <sms@...inode.info>
Subject: Re: CVE Request: Info-Zip zipinfo buffer overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://launchpad.net/bugs/1643750

> The zipinfo buffer overflow occurs due to a flaw in zipinfo.c's
> zi_short() function:

> #11 zi_short () at zipinfo.c:1986
> #12 zipinfo () at zipinfo.c:919
> #13 0x000000000041144a in do_seekable (lastchance=lastchance@...ry=0) at
> process.c:974
> #14 0x0000000000411bdf in process_zipfiles () at process.c:401
> #15 0x0000000000404191 in unzip (argc=0, argv=0x7fffffffe628) at
> unzip.c:1278

> The overflow occurs when the two-byte compression method field in the
> central directory file header is greater then 999.

Use CVE-2016-9844.


> consider assigning a CVE to the related
> `unzip -l` issue from 2014.

>> http://www.openwall.com/lists/oss-security/2014/11/03/5
>> 
>> list_files() in list.c
>> 
>> sprintf(&methbuf[4], "%03u"
>> 
>> *printf() field-width format specifiers don't restrict the length of the
>> output

Use CVE-2014-9913.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYReVRAAoJEHb/MwWLVhi2sDQP+wZ1soybVzOtLc5BTXlHE6fD
48H0AW+qIG6eKrzxUWfi+Boo3xs3mwSqLnqTBrLiqGqbxLk4ssJjFVYvRkEKPAHn
Y6OeAgO6scW7m9EtP/bZiOuDionz8uS04hZmLq4RgJu/VXjj7SDP1MSHBRHYECZI
wWpL5NZyBpv8Z2ZAs2Cn92piP4rvAXzVXt5Qxi1ay5O4II+PXYtDkBMlh88r4GVt
j6+9fjcpuG2S9lG3t7/O4oU99vaCRfDqFgwMZE62J8N3l9Fs+Z6zngr+rGu2m4xr
kx6Ox5QWsuNVWLGULs6gy7ZI7845dc3HppZEBG+jjN8rhPTtwRWaAgwftsDYIRUW
ZuUMLWyoTjinvqeAJE6PRhzmYXNfZ4ghMe82+QnF5ssMdJQP/S89EFyJGok7e0Ei
Ie8qNpOtkm+TByyc161pEYyP3v3oMoMMZMi7znVEg2cR8tupeu7SeX8EvczEtxkI
4p5wQcZvIFq0ugIaTJ0tHqru5Iw60xCYmitNyd+91PEiO7hT6/5DShXJ90XLt9E5
ozYURyrOsu5JmAsE7P34vGHQpqAXzU4DJQ3Y8136T798t3o4qUU5zMPV3T7StC5z
R8yU9YOFetQwToSoEfzulELaYES+GT8jHjf/5q1JFzFBZWQvd8lqBvf/rm7yF3Tm
qUheoN1jfmydELo6uwea
=sfNe
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.