zip -- long path buffer overflow

2004-10-03T00:00:00
ID 40549BBF-43B5-11D9-A9E7-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2004-12-12T00:00:00

Description

A HexView security advisory reports:

When zip performs recursive folder compression, it does not check for the length of resulting path. If the path is too long, a buffer overflow occurs leading to stack corruption and segmentation fault. It is possible to exploit this vulnerability by embedding a shellcode in directory or file name. While the issue is not of primary concern for regular users, it can be critical for environments where zip archives are re-compressed automatically using Info-Zip application.