You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This vulnerability is of java.lang.ArrayIndexOutOfBoundsException, and can be triggered in latest version zip4j (2.9.0).
It is caused by missing check the array index < array size and also failing to catch the runtime java exception (it should be wrapped as one kind of JSONException) and can be used for attackers to launch DoS (Denial of Service) attack for any java program that uses this library (since the user of zip4j doesn't know they need to catch this kind of exception) (CWE-129: Improper Validation of Array Index, CWE-248: Uncaught exception).
Likely, the root cause of this crash is in net.lingala.zip4j.headers.HeaderReader.readAesExtraDataRecord::HeaderReader.java:677.
Build the following java code with the corresponding zip4j library (version 2.9.0).
## Download zip4j_env_reproduce.tar.gz from https://drive.google.com/file/d/1MekCBIghKxIW4j-TLjZkm8ovvLb_grm5/view?usp=sharing
tar -xf zip4j_env_reproduce.tar.gz
cd zip4j_env_reproduce
bash build.sh
This vulnerability is of java.lang.ArrayIndexOutOfBoundsException, and can be triggered in latest version zip4j (2.9.0).
It is caused by missing check the array index < array size and also failing to catch the runtime java exception (it should be wrapped as one kind of JSONException) and can be used for attackers to launch DoS (Denial of Service) attack for any java program that uses this library (since the user of zip4j doesn't know they need to catch this kind of exception) (CWE-129: Improper Validation of Array Index, CWE-248: Uncaught exception).
Likely, the root cause of this crash is in
net.lingala.zip4j.headers.HeaderReader.readAesExtraDataRecord::HeaderReader.java:677
.zip4j/src/main/java/net/lingala/zip4j/headers/HeaderReader.java
Line 677 in ce1cff6
See more detail from the following crash stack.
Crash stack:
The crash thread's stack is as follows:
Steps to reproduce:
(poc file can be downloaded from https://drive.google.com/file/d/1s3ixcpQ6H0O5QBNsvqBtFVrn34OhcSsX/view?usp=sharing)
Any further discussion for this vulnerability including fix is welcomed!
The text was updated successfully, but these errors were encountered: