From: nafiez
Newsgroups: gnu.utils.bug
To: bug-gnu-utils@gnu.org
Subject: Vulnerability Report: Heap-Buffer-Overflow on Sharutils (unshar) 4.15.2
Date: Wed, 21 Feb 2018 15:17:55 +0800

Hi,

Another issue found was a heap-buffer-overflow on Sharutils (unshar) 4.15.2. Attached is the fuzzed file.

Below is the ASAN output:

john@fuzzing:~/sharutils-4.15.2/src$ ./unshar out/crashes/id:000000,sig:06,src:000005+000030,op:splice,rep:4
=================================================================
==11164==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5901100 at pc 0x0804c695 bp 0xbfe86f28 sp 0xbfe86f18
READ of size 1 at 0xb5901100 thread T0
    #0 0x804c694 in looks_like_c_code /home/john/sharutils-4.15.2/src/unshar.c:75
    #1 0x804c694 in find_archive /home/john/sharutils-4.15.2/src/unshar.c:253
    #2 0x804c694 in unshar_file /home/john/sharutils-4.15.2/src/unshar.c:379
    #3 0x804a2f4 in validate_fname /home/john/sharutils-4.15.2/src/unshar-opts.c:604
    #4 0x804a2f4 in main /home/john/sharutils-4.15.2/src/unshar-opts.c:639
    #5 0xb70ab636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
    #6 0x804ab95  (/home/john/sharutils-4.15.2/src/unshar+0x804ab95)

0xb5901100 is located 0 bytes to the right of 4096-byte region [0xb5900100,0xb5901100)
allocated by thread T0 here:
    #0 0xb72dfdee in malloc (/usr/lib/i386-linux-gnu/libasan.so.2+0x96dee)
    #1 0x804c9e4 in init_unshar /home/john/sharutils-4.15.2/src/unshar.c:450
    #2 0xb70ab636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/john/sharutils-4.15.2/src/unshar.c:75 looks_like_c_code
Shadow bytes around the buggy address:
  0x36b201d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36b201e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36b201f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36b20200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36b20210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x36b20220:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36b20230: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36b20240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36b20250: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36b20260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36b20270: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==11164==ABORTING

Thanks,

Nafiez

[Attachment: heap-buffer-overflow.zip]