invalid zip file with overlapped components (possible zip bomb)

Hi,

Could you please help me to resolve the issue with the unzip package.

Here is the error I am getting:

[root@backup auth-prod]# unzip backup-20200619-0420.zip
Archive: backup-20200619-0420.zip
inflating: cq-author-p4502.jar
error: invalid zip file with overlapped components (possible zip bomb)
[root@backup auth-prod]#

System details:

Red Hat Enterprise Linux Server release 7.6 (Maipo)

Linux backup.prod 3.10.0-957.21.3.el7.x86_64 #1 SMP Fri Jun 14 02:54:29 EDT 2019 x86_64 x86_64 x86_64 GNU/Linux

Tried installing the below rpm as well, but it did not work.
unzip-6.0-21.el7.x86_64.rpm

Thanks
Sina

Responses

Hi Sina,

Why do you post the question several times? That won't raise the chances of getting an answer here. :)
Now to your question: Most probably there is something wrong with the zip file, not with unzip.

Regards,
Christian

Hi Christian,

What do you mean, post the question several times? That won't raise the chances of getting an answer here. :)

--Sorry, I did not get you, I posted only once. I don't see it multiple times. And I rarely post here. Not sure where you see it multiple times.

Now to your question: Most probably there is something wrong with the zip file, not with unzip.

--It unzips properly on my laptop (macOS), so I don't see any issue with the zip file.

Some Google results were showing an issue with unzip, that's why I thought to ask here. https://access.redhat.com/security/cve/CVE-2019-13232

Hi Sina,

When you open https://access.redhat.com/discussions, you can see the question five times. :)
Sorry that my assumption wasn't right - the error message led me to assume the file is damaged.

Regards,
Christian

Thanks for informing me. Any idea how I can delete those other posts? Maybe I clicked the post button multiple times.

Hi Sina,

Unfortunately you can't delete posts, maybe the portal maintainers will do it when they see them. :)

Regards,
Christian

Thanks. Any suggestion for the unzip issue?

Unfortunately not, Sina ... sorry for that! :)

Regards,
Christian

Uninstalled the version "unzip-6.0-21.el7.x86_64", which was having the possible zip bomb issue. Then installed the downgraded version "unzip-6.0-19.el7.x86_64", which is working fine.

Hi Sina,

Great! Glad to see that you found a solution ... it looks as if you simply reinstalled the same version. :)

Regards,
Christian

The downgraded package has the same version?

Sorry, there was a typo in my comment; corrected it now. I installed this version "unzip-6.0-19.el7.x86_64" and it worked.

unzip-6.0-21.el7 reports an error ===>> error: invalid zip file with overlapped components (possible zip bomb)

I was unable to perform (yum downgrade unzip), and Sina's post above does not make sense. Both are the same version.

While unzip-6.0-5.el6.x86_64 on EL6 does work just fine on the same file. I even copied the unzip bin to EL7 and it worked.

How did you install it? Manual rpm install? But won't the update process overwrite it again and again? Thank you.

Downloaded the rpm and installed it manually.

Yes, downgrading is not the solution. It even works with version "unzip-6.0-20.el7.x86_64". The only issue is with version "unzip-6.0-21.el7.x86_64".

Yes, correct.
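
Added example, not part of the thread and not unzip's own code: before swapping unzip versions, one way to see whether an archive's entries really overlap (the condition CVE-2019-13232 is about) is to compare the byte range each entry occupies. The helper names and the two in-memory sample archives are constructed for illustration, and data descriptors after the compressed data are ignored.

```python
import io
import struct
import zipfile

def make_zip(files):
    """Build an in-memory zip from {name: bytes} (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()

def find_overlaps(f):
    """Return (earlier, later) name pairs whose byte ranges overlap in f."""
    spans = []
    for info in zipfile.ZipFile(f).infolist():
        f.seek(info.header_offset)
        header = f.read(30)  # fixed part of the local file header
        if header[:4] != b"PK\x03\x04":
            raise ValueError(f"{info.filename}: no local header found")
        # Name and extra-field lengths sit at offset 26 of the local header.
        name_len, extra_len = struct.unpack_from("<HH", header, 26)
        end = info.header_offset + 30 + name_len + extra_len + info.compress_size
        spans.append((info.header_offset, end, info.filename))
    overlaps, max_end, owner = [], -1, None
    for start, end, name in sorted(spans):
        if start < max_end:  # begins inside a range already claimed
            overlaps.append((owner, name))
        if end > max_end:
            max_end, owner = end, name
    return overlaps

# Constructed samples: a normal archive, and a copy whose second
# central-directory record (offset field at +42) points at the first entry.
CLEAN = make_zip({"a.txt": b"A" * 1000, "b.txt": b"B" * 1000})
second_cd = CLEAN.rindex(b"PK\x01\x02")
OVERLAPPED = CLEAN[:second_cd + 42] + struct.pack("<I", 0) + CLEAN[second_cd + 46:]

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("overlapped", OVERLAPPED)):
        print(label, find_overlaps(io.BytesIO(blob)))
```

To check a real archive, pass it opened in binary mode, for example find_overlaps(open("backup.zip", "rb")), where backup.zip is a placeholder name. An empty list means no entry starts inside another entry's range.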