Skip to main content

Long Range Zip CVE-2017-9928

MEDIUM
Buffer Overflow (CWE-119)
2017-06-26 cve@mitre.org
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 26, 2017 - 07:29 cve.org
MEDIUM 5.5

DescriptionCVE.org

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.

AnalysisAI

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file. Affected products include: Long Range Zip Project Long Range Zip, Debian Debian Linux.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2018-10685 CRITICAL POC
9.8 May 02

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which al

CVE-2018-11496 MEDIUM POC
6.5 May 26

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lr

CVE-2023-39741 MEDIUM POC
5.5 Aug 17

lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/l

CVE-2022-33067 MEDIUM POC
5.5 Jun 23

Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Pre

CVE-2022-26291 MEDIUM POC
5.5 Mar 28

lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf()

CVE-2021-27347 MEDIUM POC
5.5 Jun 10

Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (D

CVE-2021-27345 MEDIUM POC
5.5 Jun 10

A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a de

CVE-2019-10654 MEDIUM POC
5.5 Mar 30

The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote at

CVE-2018-9058 MEDIUM POC
5.5 Mar 27

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Rated medium sever

CVE-2018-5786 MEDIUM POC
5.5 Jan 19

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.

CVE-2018-5747 MEDIUM POC
5.5 Jan 17

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Rated medium seve

CVE-2018-5650 MEDIUM POC
5.5 Jan 12

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzi

Share

CVE-2017-9928 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy