[Bug 10436] New: LZMA decompression crash
bugzilla at busybox.net
Sun Oct 22 13:17:20 UTC 2017
https://bugs.busybox.net/show_bug.cgi?id=10436
Bug ID: 10436
Summary: LZMA decompression crash
Product: Busybox
Version: 1.27.x
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Other
Assignee: unassigned at busybox.net
Reporter: ariel at twistlock.com
CC: busybox-cvs at busybox.net
Target Milestone: ---
Created attachment 7306
--> https://bugs.busybox.net/attachment.cgi?id=7306&action=edit
Crash file
I found a vulnerability in the unlzma code
(archival/libarchive/decompress_unlzma.c line 455) while fuzzing the unzip
applet. The crash is a read access violation.
Attached is one of the crash files and the fuzzer info. Tested with 1.27.2.
--
You are receiving this mail because:
You are on the CC list for the bug.