osv Google OSV:GO-2021-0067
History: Apr 14, 2021 - 8:04 p.m.

Panic when opening archives in archive/zip

2021-04-14 20:04:52
Google
osv.dev
16
panic
archive path
stack overflow
denial of service
software

AI Score: 5.8
Confidence: High
EPSS: 0.001
Percentile: 29.8%

Using Reader.Open on an archive containing a file with a path prefixed by "../" will cause a panic due to a stack overflow. If parsing user-supplied archives, this may be used as a denial of service vector.
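A pre-flight check for services that accept uploaded archives, shown as an added example that is not part of the advisory or of the Go project's code: it lists entries whose names start with "../" (or otherwise contain a ".." element or a leading slash) so the archive can be rejected before Reader.Open is called. The helper names `buildArchive` and `traversalEntries` and the sample entry names are assumptions made for illustration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"strings"
)

// buildArchive returns an in-memory zip holding empty entries with the given
// names. Constructed sample input for this example only.
func buildArchive(names ...string) []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, n := range names {
		if _, err := w.Create(n); err != nil {
			panic(err)
		}
	}
	if err := w.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// traversalEntries (hypothetical helper) returns the entry names that are
// rooted or contain a ".." path element, such as a "../" prefix. It inspects
// only the parsed directory in zip.Reader.File and never calls Reader.Open.
func traversalEntries(data []byte) ([]string, error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if r == nil { // archive could not be parsed at all
		return nil, err
	}
	var bad []string
	for _, f := range r.File {
		name := strings.ReplaceAll(f.Name, `\`, "/")
		rooted := strings.HasPrefix(name, "/")
		dotdot := name == ".." || strings.HasPrefix(name, "../") ||
			strings.Contains(name, "/../") || strings.HasSuffix(name, "/..")
		if rooted || dotdot {
			bad = append(bad, f.Name)
		}
	}
	return bad, nil
}

func main() {
	data := buildArchive("docs/readme.txt", "../evil.txt", "a/../../b.txt")
	fmt.Println(traversalEntries(data))
}
```

Treat a non-empty result as a reason to refuse the upload rather than attempting to sanitize the names.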