Bug 902998 (CVE-2013-0211) - CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems
Summary: CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2013-0211
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 927105 927106 927115
Blocks: 903001
TreeView+ depends on / blocked
 
Reported: 2013-01-22 22:03 UTC by Vincent Danen
Modified: 2021-06-11 21:04 UTC (History)
2 users (show)

Fixed In Version: libarchive 3.2.0
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-06-11 21:04:54 UTC


Attachments (Terms of Use)
proposed upstream patch (827 bytes, patch)
2013-01-22 22:05 UTC, Vincent Danen
no flags Details | Diff

Description Vincent Danen 2013-01-22 22:03:23 UTC
Fabian Yamaguchi reported a read buffer overflow flaw in libarchive on 64-bit systems where sizeof(size_t) is equal to 8.  In the archive_write_zip_data() function in libarchive/archive_write_set_format_zip.c, the "s" parameter is of type size_t (64 bit, unsigned) and is cast to a 64 bit signed integer.  If "s" is larger than MAX_INT, it will not be set to "zip->remaining_data_bytes" even though it is larger than "zip->remaining_data_bytes", which leads to a buffer overflow when calling deflate().

This can lead to a segfault in an application that uses libarchive to create ZIP archives.

Comment 1 Vincent Danen 2013-01-22 22:05:51 UTC
Created attachment 685479 [details]
proposed upstream patch

Comment 2 Huzaifa S. Sidhpurwala 2013-03-25 05:17:55 UTC
This issue is now public via:

https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4

Comment 3 Huzaifa S. Sidhpurwala 2013-03-25 05:19:36 UTC
Created mingw-libarchive tracking bugs for this issue

Affects: fedora-all [bug 927106]

Comment 4 Huzaifa S. Sidhpurwala 2013-03-25 05:19:42 UTC
Created libarchive tracking bugs for this issue

Affects: fedora-all [bug 927105]

Comment 5 Huzaifa S. Sidhpurwala 2013-03-25 05:47:04 UTC
Created libarchive tracking bugs for this issue

Affects: epel-5 [bug 927115]

Comment 10 Fedora Update System 2013-04-08 00:22:12 UTC
mingw-libarchive-3.0.4-4.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2013-04-08 00:26:11 UTC
mingw-libarchive-3.0.4-4.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2013-04-12 22:24:57 UTC
libarchive-3.0.4-4.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2013-04-12 22:27:16 UTC
libarchive-3.0.4-3.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2013-05-02 19:51:21 UTC
libarchive-2.8.4-6.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Product Security DevOps Team 2021-06-11 21:04:54 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2013-0211


Note You need to log in before you can comment on or make changes to this bug.