CVE-2020-18770: one invalid memory access issue in zzip_disk_entry_to_file_header in mmapped.c · Issue #69 · gdraheim/zziplib

An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service.

POC:
zip_poc.zip

There exists one invalid memory access issue in zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. This bug can be triggered by the executable unzzip-mem.

$ unzzip-mem $poc

ASAN:SIGSEGV

==8254==ERROR: AddressSanitizer: SEGV on unknown address 0x1772507f (pc 0xb772ff16 sp 0xbfce6a10 bp 0x0101db82 T0)
#0 0xb772ff15 in zzip_disk_entry_to_file_header /home/rookie/asan/zziplib-master/i686-pc-linux-gnu/zzip/…/…/zzip/mmapped.c:272
#1 0xb77390d8 in zzip_mem_entry_new /home/rookie/asan/zziplib-master/i686-pc-linux-gnu/zzip/…/…/zzip/memdisk.c:201
#2 0xb77390d8 in zzip_mem_disk_load /home/rookie/asan/zziplib-master/i686-pc-linux-gnu/zzip/…/…/zzip/memdisk.c:160
#3 0xb77386c7 in zzip_mem_disk_open /home/rookie/asan/zziplib-master/i686-pc-linux-gnu/zzip/…/…/zzip/memdisk.c:94
#4 0x80ce02e in unzzip_cat /home/rookie/asan/zziplib-master/i686-pc-linux-gnu/bins/…/…/bins/unzzipcat-mem.c:72
#5 0x80d0fae in unzzip_extract /home/rookie/asan/zziplib-master/i686-pc-linux-gnu/bins/…/…/bins/unzzipcat-mem.c:143
#6 0x80cd5f0 in main /home/rookie/asan/zziplib-master/i686-pc-linux-gnu/bins/…/…/bins/unzzip.c:187
#7 0xb74d7af2 (/lib/i386-linux-gnu/libc.so.6+0x19af2)
#8 0x80caa74 in _start (/home/rookie/asan/zziplib-master/build/bin/unzzip-mem+0x80caa74)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/rookie/asan/zziplib-master/i686-pc-linux-gnu/zzip/…/…/zzip/mmapped.c:272 zzip_disk_entry_to_file_header
==8254==ABORTING
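
An added example, not code from zziplib or from the report: a fail-closed lookup from a ZIP central directory entry to its local file header inside a memory-mapped archive, which is the kind of conversion the crashing function's name describes. The report does not state the root cause, so where the checks sit is an assumption; `local_header_for_entry`, `build_sample` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CEN_SIG 0x02014b50u  /* central directory entry, "PK\1\2" */
#define LOC_SIG 0x04034b50u  /* local file header, "PK\3\4" */
#define CEN_MIN 46u          /* fixed part of a central directory entry */
#define LOC_MIN 30u          /* fixed part of a local file header */
#define CEN_OFF_LOCAL 42u    /* field: relative offset of local header */

static uint32_t le32(const uint8_t *p)  /* unaligned little-endian read */
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: local header for the entry at entry_off, or NULL
 * if any read would fall outside buf[0..len) or a signature is wrong. */
const uint8_t *local_header_for_entry(const uint8_t *buf, size_t len,
                                      size_t entry_off)
{
    if (len < CEN_MIN || entry_off > len - CEN_MIN)
        return NULL;                    /* entry itself is out of bounds */
    const uint8_t *entry = buf + entry_off;
    if (le32(entry) != CEN_SIG)
        return NULL;
    size_t off = le32(entry + CEN_OFF_LOCAL);  /* untrusted, from the file */
    if (off > len - LOC_MIN)
        return NULL;                    /* header would leave the mapping */
    if (le32(buf + off) != LOC_SIG)
        return NULL;
    return buf + off;
}

/* Constructed sample: a local header, then one entry pointing at local_off. */
size_t build_sample(uint8_t *out, uint32_t local_off)
{
    memset(out, 0, LOC_MIN + CEN_MIN);
    memcpy(out, "PK\x03\x04", 4);
    memcpy(out + LOC_MIN, "PK\x01\x02", 4);
    for (int i = 0; i < 4; i++)
        out[LOC_MIN + CEN_OFF_LOCAL + i] = (uint8_t)(local_off >> (8 * i));
    return LOC_MIN + CEN_MIN;
}

int main(void)
{
    uint8_t zip[LOC_MIN + CEN_MIN];
    size_t n = build_sample(zip, 0x7fffffffu);  /* offset far past the end */
    return local_header_for_entry(zip, n, LOC_MIN) == NULL ? 0 : 1;
}
```

The comparisons are written as `x > len - SIZE` after a length check so that neither side can wrap, which an `off + SIZE > len` form could do on a 32-bit build like the one in the trace.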

Related news

Red Hat Security Advisory 2024-2377-03

Red Hat Security Advisory 2024-2377-03 - An update for zziplib is now available for Red Hat Enterprise Linux 9.
