Zipios version 0.1.7 (CVE-2019-13453)

I updated the old version of zipios to version 0.1.7 as a DoS bug was found in the older version (0.1.5).

The bug was found and fixed by Mike Salvatore of Salvator Security.

I noticed another potential problem with a second loop, so I enhanced the patch a bit.

Mike got CVE-2019-13453 registered. He also made a post about how the bug was discovered and fixed.

If you are using any version of Zipios++ version 0.1.5 (or the CVS source code) or any of the older versions, you want to upgrade to version 0.1.7 as soon as possible. The interface is exactly the same so the upgrade should be seemless.

Now, you may want to consider upgrading to version 2.x since (1) it uses C++11 (it also compiles with C++14) and (2) it has full coverage tests which reduces the chances of discovering a bug since most everything cases is already being checked.

For those only interested by the patch, I'm attaching the file to this post.

AttachmentSize
infinite_loop.patch1.57 KB

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Syndicate content

Snap! Websites
An Open Source CMS System in C++

Contact Us Directly