Skip to main content

Long Range Zip CVE-2017-8844

HIGH
Buffer Overflow (CWE-119)
2017-05-08 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 08, 2017 - 14:29 cve.org
HIGH 7.8

DescriptionCVE.org

The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.

AnalysisAI

The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive. Affected products include: Long Range Zip Project Long Range Zip, Debian Debian Linux.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2018-10685 CRITICAL POC
9.8 May 02

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which al

CVE-2018-11496 MEDIUM POC
6.5 May 26

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lr

CVE-2023-39741 MEDIUM POC
5.5 Aug 17

lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/l

CVE-2022-33067 MEDIUM POC
5.5 Jun 23

Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Pre

CVE-2022-26291 MEDIUM POC
5.5 Mar 28

lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf()

CVE-2021-27347 MEDIUM POC
5.5 Jun 10

Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (D

CVE-2021-27345 MEDIUM POC
5.5 Jun 10

A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a de

CVE-2019-10654 MEDIUM POC
5.5 Mar 30

The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote at

CVE-2018-9058 MEDIUM POC
5.5 Mar 27

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Rated medium sever

CVE-2018-5786 MEDIUM POC
5.5 Jan 19

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.

CVE-2018-5747 MEDIUM POC
5.5 Jan 17

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Rated medium seve

CVE-2018-5650 MEDIUM POC
5.5 Jan 12

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzi

Share

CVE-2017-8844 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy