PT-2026-43486 · Cpan · Io::Uncompress::Unzip
Stig Palmquist
·
Published
2026-05-27
·
Updated
2026-06-25
·
CVE-2026-48959
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
IO::Uncompress::Unzip versions prior to 2.220
Description
An issue in the
fastForward() function allows CPU exhaustion. The function compares the length of the $offset variable (the digit count of the offset, ranging from 1 to 19) against the chunk size $c instead of comparing the $offset value itself. This causes the chunk size $c to shrink from 16 KiB to between 1 and 19 bytes per iteration. An attacker can trigger a per-byte read loop that scales with the compressed size of an entry, up to the 4 GiB non-Zip64 limit, by extracting a named entry from a malicious zip file using IO::Uncompress::Unzip->new($zip, Name => $target).Recommendations
Update to version 2.220 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Io::Uncompress::Unzip