Title | libarchive bsdunzip 3.77 NULL Pointer Dereference |
---|
Description | **Description**
A SEGV can occur in bsdunzip when using the -Z1 options with a specially crafted input file. This issue leads to memory corruption (illegal memory read access) and crashes.
**Affected Version**
Libarchive bsdunzip 3.77
**Steps to Reproduce**
Build bsdunzip with AddressSanitizer (e.g., `CFLAGS="-g -fsanitize=address" ./configure && make -j`).
Run the following command:
```
bin/bsdunzip -Z1 /tmp/poc
aaa
12.zip
12.zip
AddressSanitizer:DEADLYSIGNAL
=================================================================
==88388==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fb22385d915 bp 0x7ffe84154060 sp 0x7ffe841537d8 T0)
==88388==The signal is caused by a READ memory access.
==88388==Hint: address points to the zero page.
    #0 0x7fb22385d914 (/lib/x86_64-linux-gnu/libc.so.6+0x188914)
    #1 0x7fb223b27e22 in __interceptor_puts ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1226
    #2 0x55a97d2ba7d6 in list unzip/bsdunzip.c:901
    #3 0x55a97d2baf3d in unzip unzip/bsdunzip.c:1024
    #4 0x55a97d2bbb84 in main unzip/bsdunzip.c:1258
    #5 0x7fb2236f9082 in __libc_start_main ../csu/libc-start.c:308
    #6 0x55a97d2b6ded in _start (/data/swj/optfuzz/benchmark/libarchive-3.7.7/test_bins/bin/bsdunzip+0x20ded)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x188914)
==88388==ABORTING
```
**Env**
Distributor ID: Ubuntu
Description: Ubuntu 20.04.6 LTS
Release: 20.04
Codename: focal |
---|
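The following is an added triage example, not part of the submission or of libarchive. It parses the AddressSanitizer report above to find the first application frame below the libc and sanitizer frames, and builds a deduplication key for the crash. The `triage` function, the bucket format and the 4096-byte NULL-page threshold are assumptions made for illustration.

```python
import re

# Constructed sample: the ASan report from this page, trimmed to the lines the parser reads.
ASAN_REPORT = """\
==88388==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fb22385d915 bp 0x7ffe84154060 sp 0x7ffe841537d8 T0)
==88388==The signal is caused by a READ memory access.
    #0 0x7fb22385d914 (/lib/x86_64-linux-gnu/libc.so.6+0x188914)
    #1 0x7fb223b27e22 in __interceptor_puts ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1226
    #2 0x55a97d2ba7d6 in list unzip/bsdunzip.c:901
    #3 0x55a97d2baf3d in unzip unzip/bsdunzip.c:1024
    #4 0x55a97d2bbb84 in main unzip/bsdunzip.c:1258
"""

HEADER = re.compile(r"AddressSanitizer: (\w+) on unknown address (0x[0-9a-f]+)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME = re.compile(r"#(\d+) 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)")
# Frames inside the sanitizer runtime are not where the fix belongs.
RUNTIME = ("__interceptor_", "__asan_", "__sanitizer_")
PAGE_SIZE = 4096  # assumption: faults below this address count as NULL dereferences

def triage(report):
    """Return the crash class, the blamed application frame and a dedup bucket."""
    head = HEADER.search(report)
    access = ACCESS.search(report)
    if head is None:
        return None  # not an ASan SEGV report
    frames = [(fn, path, int(line)) for _, fn, path, line in FRAME.findall(report)]
    callee = None  # libc function the application called with the bad pointer
    blame = None   # first symbolized frame outside the sanitizer runtime
    for fn, path, line in frames:
        if fn.startswith(RUNTIME) or "libsanitizer" in path:
            callee = fn.replace("__interceptor_", "")
            continue
        blame = (fn, path, line)
        break
    return {
        "signal": head.group(1),
        "access": access.group(1) if access else "UNKNOWN",
        "null_deref": int(head.group(2), 16) < PAGE_SIZE,
        "callee": callee,
        "blame": blame,
        "bucket": f"{head.group(1)}:{blame[0]}@{blame[1]}:{blame[2]}" if blame else None,
    }

if __name__ == "__main__":
    print(triage(ASAN_REPORT))
```

For this report the blamed frame is `list` at `unzip/bsdunzip.c:901`, reached through `puts`, which matches the function named in the VulDB entry.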
Source | ⚠️ https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc |
---|
User | rookie (UID 80861) |
---|
Submission | 02/07/2025 08:12 AM (3 months ago) |
---|
Moderation | 02/24/2025 08:00 AM (17 days later) |
---|
Status | Accepted |
---|
VulDB Entry | 296619 [libarchive up to 3.7.7 bsdunzip.c list null pointer dereference] |
---|
Points | 20 |
---|