zlib crash bug

Josh Bressers

Mar 25, 2022, 10:01:04 AM
to GSD
Hi all,

I just ran across this

And it got me thinking. I wonder if it would be worth watching certain git repos for keywords like "crash". I suspect any zlib bug that involves a crash of any sort is something we would want to flag.



Kurt Seifried

Mar 25, 2022, 10:09:11 AM
to Josh Bressers, GSD
I think for libraries that MUST parse untrusted input (e.g. compression libraries, AV scanners, email clients, web clients, etc.) to be of any use, or are commonly used to process untrusted input, this makes sense. At a minimum the crash indicates the system can't process/scan/etc. and it may fail open (pass it through), or end up in a DoS situation. Either way I expect things like gzip/tar to never puke.
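
The keyword watch suggested in this thread, as an added example that is not part of the original messages: it scans `git log` output for crash-related words in commit subjects and bodies. Every keyword other than "crash", the function names, and the sample log are assumptions made for illustration.

```python
import re
import subprocess

# Assumed keyword list: only "crash" comes from the thread; the rest are illustrative.
KEYWORDS = ["crash", "segfault", "overflow", "out-of-bounds", "use-after-free"]
# Pretty-format with unit (0x1f) and record (0x1e) separators so multi-line bodies parse safely.
GIT_FORMAT = "%H%x1f%s%x1f%b%x1e"


def read_git_log(repo_path, since="1 week ago"):
    """Return raw log text for a local clone (not exercised on the sample below)."""
    return subprocess.run(
        ["git", "-C", repo_path, "log", f"--since={since}", f"--format={GIT_FORMAT}"],
        check=True, capture_output=True, text=True,
    ).stdout


def flag_commits(log_text, keywords=KEYWORDS):
    """Return [(hash, subject, [matched keywords])] for commits that mention a keyword."""
    # Whole words plus simple suffixes (crash, crashes, crashed, crashing),
    # so unrelated tokens such as "crashlytics" do not match.
    pattern = re.compile(
        r"\b(" + "|".join(re.escape(k) for k in keywords) + r")(?:e?s|ed|ing)?\b",
        re.IGNORECASE,
    )
    flagged = []
    for record in log_text.split("\x1e"):
        if not record.strip():
            continue
        commit, subject, body = (record.strip("\n").split("\x1f") + ["", ""])[:3]
        hits = sorted({m.group(1).lower() for m in pattern.finditer(subject + "\n" + body)})
        if hits:
            flagged.append((commit, subject, hits))
    return flagged


# Constructed sample log: hashes and messages are made up, not real zlib commits.
SAMPLE_LOG = (
    "1111111\x1fFix a crash when input is truncated\x1fSeen with malformed streams.\x1e\n"
    "2222222\x1fUpdate README\x1fTypo fixes only.\x1e\n"
    "3333333\x1fTighten length check\x1fAvoids buffer overflows and crashes in inflate.\x1e\n"
    "4444444\x1fAdd crashlytics-style telemetry docs\x1f\x1e\n"
)

if __name__ == "__main__":
    for commit, subject, hits in flag_commits(SAMPLE_LOG):
        print(commit, subject, hits)
```

Flagged commits are candidates for human triage, since a keyword hit says nothing about exploitability.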
