zoo
Page content
- Author: voroskoi
- Vulnerable: 2.10-4
- Unaffected: 2.10-5terminus1
It’s possible to make the ZOO implementation to enter in an infinite loop condition. The vulnerability lies in the algorithm used to locate the files inside the archive. Each file in a ZOO archive is identified by a direntry structure. Those structures are linked between themselves with a ’next’ pointer. This pointer is in fact an offset from the beginning of the file, representing the next direntry structure. By specifying an already processed file, it’s possible to process more than one time this same file. The ZOO parser will then enter an infinite loop condition.
- Bug Tracker URL: http://bugs.frugalware.org/task/2065