[BUG]A carefully crafted RAR archive can trigger an infinite loop while parsing. #73
Comments
How did you find out, if I may ask?

Hi @gotson, we found this sample using a testing technique called fuzzing.

It doesn't seem the provided file is even a rar file, no?

Hi @gotson, this infinite loop PoC file we provided here is indeed a broken RAR file. We use fuzzing to iteratively mutate some valid RAR files to test junrar.

Thanks, I managed to reproduce in the tests, will have a look.

## [7.4.1](v7.4.0...v7.4.1) (2022-01-27)

### Bug Fixes

* invalid subheader type would throw npe and make the extract loop ([7b16b3d](7b16b3d)), closes [#73](#73)

The release is available on:
Your semantic-release bot

Hi @gotson, are you willing to help us request a CVE ID through GitHub Security Advisories for this bug, which can cause Denial of Service? You can follow this tutorial to manage your bug fixing and alert any downstream dependencies of the issue so they can patch immediately if using the broken release. Thanks for your help!

Thanks, it's a new process to me, but that's actually a good idea.

## [7.4.1](v7.4.0...v7.4.1) (2022-03-02)

### Bug Fixes

* invalid subheader type would throw npe and make the extract loop ([7b16b3d](7b16b3d)), closes [junrar#73](https://github.com/andrebrait/junrar/issues/73)

Describe the bug
A carefully crafted RAR archive can trigger an infinite loop while parsing the file. This could be used to mount a denial of service attack against services that use junrar.
To Reproduce
Expected behavior
Infinite loop.
File
loop-913d3158487310b1b4b74086ab888f5ed56a8493.zip
Environment (please complete the following information):
Additional context
It seems this PoC can reach this while loop (junrar/src/main/java/com/github/junrar/unpack/vm/RarVM.java, lines 227 to 629 in dc3d299) but never break.
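
A defensive pattern for services that pass untrusted archives to junrar, shown as an added example that is not part of the original issue or the junrar project's code: run the extraction in a child JVM and kill it when it exceeds a time budget. The class name `BoundedRarExtract`, the 256 MB heap cap and the use of Java 11+ are assumptions; junrar is assumed to be on the parent's classpath.

```java
import com.github.junrar.Junrar;

import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import java.util.concurrent.TimeUnit;

/** Hypothetical helper: isolates junrar extraction in a killable child process. */
public final class BoundedRarExtract {

    /** Child entry point. args[0] = archive path, args[1] = destination directory. */
    public static void main(String[] args) throws Exception {
        // Any exception (for example a RarException on a corrupt header)
        // propagates out of main and gives the child a non-zero exit code.
        Junrar.extract(args[0], args[1]);
    }

    /** Parent side: true only if the child exited with code 0 within the limit. */
    public static boolean extractWithTimeout(Path archive, Path dest, long seconds)
            throws Exception {
        Files.createDirectories(dest);
        String javaBin = Path.of(System.getProperty("java.home"), "bin", "java").toString();
        List<String> cmd = List.of(
                javaBin,
                "-Xmx256m",                                   // assumed cap: bounds memory too
                "-cp", System.getProperty("java.class.path"), // reuse parent classpath
                BoundedRarExtract.class.getName(),
                archive.toString(),
                dest.toString());
        Process child = new ProcessBuilder(cmd)
                .redirectErrorStream(true)
                .redirectOutput(ProcessBuilder.Redirect.DISCARD) // never block on a full pipe
                .start();
        if (!child.waitFor(seconds, TimeUnit.SECONDS)) {
            // A thread spinning in a parser loop never observes interrupt(), so a
            // Future timeout inside one JVM would leave it burning CPU forever.
            // Killing the whole process reclaims the core.
            child.destroyForcibly().waitFor();
            return false;
        }
        return child.exitValue() == 0;
    }
}
```

When `extractWithTimeout` returns false, treat the destination directory as untrusted partial output and delete it. This bounds the impact of a hang; upgrading to the fixed 7.4.1 release is still the actual remedy.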