Bug 1401865 (CVE-2014-9913)

Summary: CVE-2014-9913 unzip: methbuf[] buffer overflow in unzip's list_files()
Product: [Other] Security Response Reporter: Andrej Nemec <anemec>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: carnil, jamartis, pstodulk, sardella
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-12-06 09:47:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1401866    

Description Andrej Nemec 2016-12-06 09:47:03 UTC
A buffer overflow vulnerability was found in "unzip -l" via list_files() in list.c.  This issue is caught by fortify source.

Original report from 2014:

http://seclists.org/oss-sec/2014/q4/497

CVE assignment:

http://seclists.org/oss-sec/2016/q4/601

Comment 1 Tomas Hoger 2016-12-13 14:10:38 UTC
This issue was previously reported here:

https://bugzilla.redhat.com/show_bug.cgi?id=1191136#c1

The issue was already corrected in Fedora unzip packages.  This issue is not planned to be corrected in the unzip packages in Red Hat Enterprise Linux 5, 6, and 7, as the problem is caught by FORTIFY_SOURCE, limiting impact to a crash of the unzip command.

Comment 3 Tomas Hoger 2016-12-13 14:29:00 UTC
Related upstream forums discussion:

http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=529