In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).
Name | Vendor | Start Version | End Version |
---|---|---|---|
Rubyzip | Rubyzip_project | * | * |