mirror/libarchive
1
0
Fork 0
mirror of https://github.com/libarchive/libarchive.git synced 2026-01-29 10:54:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
libarchive/unzip
History
Peter Kästle 8ce2aca6c7 fix CVE-2025-1632 and CVE-2025-25724 (#2532) 
Hi,

please find my approach to fix the CVE-2025-1632 and CVE-2025-25724
vulnerabilities in this pr.
As both error cases did trigger a NULL pointer deref (and triggered
hopefully everywhere a coredump), we can safely replace the actual
information by a predefined invalid string without breaking any
functionality.

---------

Signed-off-by: Peter Kaestle <peter@piie.net>
(cherry picked from commit c9bc934e7e91d302e0feca6e713ccc38d6d01532)
2025-03-11 10:33:23 +01:00
..
test
Report skipped tests to cmake/ctest (#2429)
2025-03-11 10:25:58 +01:00
bsdunzip_platform.h
Convert the tools and respective tests to SPDX (#2317)
2024-10-13 09:38:25 +02:00
bsdunzip.1
Convert the tools and respective tests to SPDX (#2317)
2024-10-13 09:38:25 +02:00
bsdunzip.c
fix CVE-2025-1632 and CVE-2025-25724 (#2532)
2025-03-11 10:33:23 +01:00
bsdunzip.h
Convert the tools and respective tests to SPDX (#2317)
2024-10-13 09:38:25 +02:00
CMakeLists.txt
Add missing definition for getline polyfill (#2425)
2025-03-11 10:24:59 +01:00
cmdline.c
Convert the tools and respective tests to SPDX (#2317)
2024-10-13 09:38:25 +02:00
la_getline.c
Convert the tools and respective tests to SPDX (#2317)
2024-10-13 09:38:25 +02:00
la_getline.h
Add missing definition for getline polyfill (#2425)
2025-03-11 10:24:59 +01:00
la_queue.h
unzip: use libeal port of sys/queue.h if not available
2023-07-18 16:56:52 +02:00