Critical .zip vulnerabilities? - Zip Slip and ZipperDown

Ry_yb5Oipq0/default.jpg

What is going on with .zip files. What is this new critical vulnerability that seems to affect everything? ... old is new again.

Resources:
- ZipperDown: https://zipperdown.org/
- Zip Slip: https://snyk.io/research/zip-slip-vul...
- Zip Specification: https://pkware.cachefly.net/webdocs/c...
- The Complete Guide to Hacking WWIV: http://phrack.org/issues/34/5.html#ar...
- Go library Fix Bypass: https://github.com/mholt/archiver/pul...

Gynvael:
- Hacking Livestream #53: The ZIP file format https://www.youtube.com/watch?v=X7j2s...
- Ten thousand security pitfalls: the ZIP file format http://gynvael.coldwind.pl/?id=682
- GynvaelEN Channel: https://www.youtube.com/GynvaelEN
- Twitter: https://twitter.com/gynvael

Ange Albertini / Corkami
- Funky Fileformats Talk: https://www.youtube.com/watch?v=hdCs6...
- Funky Fileformats Slides: https://events.ccc.de/congress/2014/F...
- Twitter: https://twitter.com/angealbertini / https://twitter.com/corkami

--------------------------------------
Twitter: https://twitter.com/LiveOverflow
Website: http://liveoverflow.com/
Subreddit: https://www.reddit.com/r/LiveOverflow/
Facebook: https://www.facebook.com/LiveOverflow/

Ry_yb5Oipq0/default.jpg
Critical .zip vulnerabilities? - Zip Slip and ZipperDown Critical .zip vulnerabilities? - Zip Slip and ZipperDown Reviewed by Dump3R H3id3gg3R on June 10, 2018 Rating: 5