Bug 1973826 (CVE-2020-18442)

Summary: CVE-2020-18442 zziplib: infinite loop via the return value of zzip_file_read() as used in unzzip_cat_file()
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: abokovoy, jamartis
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: zziplib 0.13.72 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-09 22:51:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1973831, 1976339, 1977964    
Bug Blocks: 1973827    

Description Guilherme de Almeida Suckevicz 2021-06-18 19:39:46 UTC
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".


Comment 1 Guilherme de Almeida Suckevicz 2021-06-18 19:42:43 UTC
Created zziplib tracking bugs for this issue:

Affects: fedora-all [bug 1973831]

Comment 4 devthomp 2021-06-30 19:52:45 UTC
The fix for this issue is upstream here:

Comment 6 devthomp 2021-07-01 13:32:59 UTC
Zziplib is susceptible to infinite loop (loop with unreachable exit condition) when processing malformed zip files.The behavior of this condition could cause terminal unresponsiveness when running the command line. When using the library this could lead to application unresponsiveness.High CPU on said application/binary is also a possibility of this issue.

Comment 7 errata-xmlrpc 2021-11-09 18:12:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4316 https://access.redhat.com/errata/RHSA-2021:4316

Comment 8 Product Security DevOps Team 2021-11-09 22:51:31 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):