invalid zip file with overlapped components (possible zip bomb)

Latest response

Hi,

Could you please help me to resove the issue with unzip package .

Here is the error , i am getting

[root@backup auth-prod]# unzip backup-20200619-0420.zip
Archive: backup-20200619-0420.zip
inflating: cq-author-p4502.jar
error: invalid zip file with overlapped components (possible zip bomb)
[root@backup auth-prod]#

System details:

Red Hat Enterprise Linux Server release 7.6 (Maipo)

Linux backup.prod 3.10.0-957.21.3.el7.x86_64 #1 SMP Fri Jun 14 02:54:29 EDT 2019 x86_64 x86_64 x86_64 GNU/Linux

Tried install the below rpm as well but did not work.
unzip-6.0-21.el7.x86_64.rpm

Thanks
Sina

Responses

Hi Sina,

Why do you post the question several times ? That won't rise chances to get an answer here. :)
Now to your question : Most probably there is something wrong with the zip file, not with unzip.

Regards,
Christian

Hi Christian,

What do you mean post the question several times ? That won't rise chances to get an answer here. :)

--Sorry did not get you ,i post only once.I don't see multiple times.And i rarely post here.Not sure where you see multiple times.

Now to your question : Most probably there is something wrong with the zip file, not with unzip.

--Its unzip properly in my laptop (mac OS) so i don't see any issue with zip file.

Some google result was showing about issue with unzip thats why i though to ask here. https://access.redhat.com/security/cve/CVE-2019-13232

Hi Sina,

When you open https://access.redhat.com/discussions, you can see the question five times. :)
Sorry that my assumption wasn't right - the error message let me assume the file is damaged.

Regards,
Christian

Thanks for informing me. Any idea how can i delete those other posts.May be i clicked post button multiple times.

Hi Sina,

Unfortunately you can't delete posts, maybe the portal maintainers will do it when they see them. :)

Regards,
Christian

Thanks. Any suggestion for the unzip issue?

Unfortunately not, Sina ... sorry for that ! :)

Regards,
Christian

Uninstall the version "unzip-6.0-21.el7.x86_64" which was having the possible zip bomb issue . Then installed the downgraded version "unzip-6.0-21.el7.x86_64" which is working fine.

Hi Sina,

Great ! Glad to see that you found a solution ... it looks as if you simply reinstalled the same version. :)

Regards,
Christian

The downgraded package has the same version?