#734 found denial of service attack (DoS)

Fixed
None
Medium
Defect
2023-02-26
2023-01-20
lometsj
No

Tested on Fedora 37.
The attachment includes a PoC file and a screenshot.
I also tested on the v9.0.0 release of PeaZip.
My PC even froze due to CPU resource exhaustion.

1 Attachments

Discussion

  • Giorgio Tani - 2023-01-23

    Thank you for reporting the issue.
    If the End Of Archive tag is not found in the archive file, the application currently does not correctly terminate and re-start parsing the archive, due to a bug.
    In the next update the application will terminate and display a specific error if the End Of Archive tag is missing.

     
  • Giorgio Tani - 2023-02-26
    • status: New --> Fixed
     
  • Giorgio Tani - 2023-02-26

    Pea was updated to 1.12 version in new PeaZip 9.1.0 release.
    The Pea update was meant to properly handle malformed PEA archives, including cases of incorrect compression buffer size, missing end of archive tag, and other cases of invalid/incomplete header and incorrect termination of the archive.
    Thank you again for your feedback and please feel free to add any further information in case of other issues.
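
An added example, not PeaZip's code and not part of the original thread: a parse loop that ends with a specific error when the end-of-archive tag is missing or a declared block size is invalid, the behaviour the maintainer's comments describe for the fix. The record layout (1-byte tag, 4-byte length), all names and the size limit are assumptions made for illustration; this is not the real PEA format.

```python
import struct

TAG_DATA = 0x01          # constructed toy format, not the real PEA layout
TAG_END = 0xFF           # stands in for the End Of Archive tag
MAX_BLOCK = 1 << 20      # assumed upper bound on a declared block size

class MalformedArchive(Exception):
    """Raised instead of retrying when the stream cannot be valid."""

def parse_blocks(data: bytes) -> list[bytes]:
    """Return the data blocks or raise MalformedArchive; bounded by len(data)."""
    blocks, pos = [], 0
    while True:
        # Running out of input before TAG_END is an error to report,
        # not a reason to start parsing the archive again.
        if pos + 5 > len(data):
            raise MalformedArchive("end of archive tag missing")
        tag, size = struct.unpack_from(">BI", data, pos)
        pos += 5
        if tag == TAG_END:
            if size != 0 or pos != len(data):
                raise MalformedArchive("invalid end of archive record")
            return blocks
        if tag != TAG_DATA:
            raise MalformedArchive(f"unknown tag 0x{tag:02x} at offset {pos - 5}")
        # Reject a declared size that exceeds the limit or the remaining input.
        if size > MAX_BLOCK or pos + size > len(data):
            raise MalformedArchive(f"bad block size {size} at offset {pos - 5}")
        blocks.append(data[pos:pos + size])
        pos += size  # pos only moves forward, so the loop always terminates

def record(tag: int, payload: bytes = b"") -> bytes:
    return struct.pack(">BI", tag, len(payload)) + payload

def verdict(data: bytes) -> str:
    try:
        return f"ok: {len(parse_blocks(data))} blocks"
    except MalformedArchive as exc:
        return f"rejected: {exc}"

# Constructed sample inputs.
GOOD = record(TAG_DATA, b"hello") + record(TAG_DATA, b"world") + record(TAG_END)
NO_END = record(TAG_DATA, b"hello") + record(TAG_DATA, b"world")
BAD_SIZE = struct.pack(">BI", TAG_DATA, 0xFFFFFFFF) + b"x" + record(TAG_END)

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("no end tag", NO_END), ("bad size", BAD_SIZE)):
        print(f"{name}: {verdict(sample)}")
```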

     
