Bug 2044583 (CVE-2021-4217)

Summary: CVE-2021-4217 unzip: Null pointer dereference in Unicode strings code
Product: [Other] Security Response
Reporter: Pedro Sampaio <psampaio>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW ---
QA Contact:
Severity: low
Docs Contact:
Priority: low
Version: unspecified
CC: bdettelb, caswilli, dhalasz, fjansen, jamartis, jwong, kaycoth, kdudka, micjohns, pstodulk, sthirugn, vkrizan, vmugicag
Target Milestone: ---
Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
Bug Depends On: 2046940, 2046947, 2046949    
Bug Blocks: 2044584    

Description Pedro Sampaio 2022-01-24 19:16:08 UTC
A null pointer dereference was found in unzip. The bug appears to be located in the code responsible for handling Unicode strings. This allows an attacker to perform a denial of service and possibly opens up other attack vectors.

References:

https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077

Comment 3 Sandipan Roy 2022-01-27 09:44:19 UTC
Created unzip tracking bugs for this issue:

Affects: fedora-all [bug 2046940]

Comment 5 mulliken 2022-01-31 19:18:06 UTC
The unzip command is not used to provide any of our services. The services that work with zip archives utilize libraries that are specific to their language. AFAIK this tool does not provide a widely used library.