Vulnerability Note VU#383779
ZIP archives containing files with large filenames can cause buffer overflows
Multiple file decompression utilities contain buffer overflow vulnerabilities for which the impacts vary.
Researchers at Rapid7, Inc. have discovered that multiple file decompression utilities are susceptible to buffer overflows as a result of large filenames embedded in crafted ZIP archive files. When affected users attempt to decompress these ZIP files, the buffer overflow may result in execution of arbitrary code.
The impact of this vulnerability may vary depending upon the product and its execution environment. Typically, successful exploitation of a buffer overflow will allow the attacker to execute arbitrary code with the privileges of the user running the application.
If you are a vendor and your product is affected, let
us know.View More »
Apply a patch
The vendor section of this document lists vendors who have been notified of this issue and their responses.
This vulnerability was reported to the CERT/CC by Rapid7, Inc.
This document was written by Jeffrey P. Lanza.
02 Oct 2002
Date First Published:
02 Oct 2002
Date Last Updated:
06 Jan 2003
If you have feedback, comments, or additional information about this vulnerability, please send us email.