The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.
References
| Link | Resource |
|---|---|
| https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/ | Third Party Advisory VDB Entry |
| https://github.com/ckolivas/lrzip/issues/70 | Issue Tracking Patch Third Party Advisory |
| https://lists.debian.org/debian-lts-announce/2021/08/msg00001.html | Mailing List Third Party Advisory |
| https://security.gentoo.org/glsa/202005-01 | Third Party Advisory |
Configurations
History
09 Dec 2022, 16:05
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Debian
Debian debian Linux |
|
| CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
| References | (GENTOO) https://security.gentoo.org/glsa/202005-01 - Third Party Advisory | |
| References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/08/msg00001.html - Mailing List, Third Party Advisory |
02 Sep 2022, 16:32
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
| CPE | cpe:2.3:a:long_range_zip_project:long_range_zip:0.631:*:*:*:*:*:*:* | |
| First Time |
Long Range Zip Project
Long Range Zip Project long Range Zip |
Information
Published : 2017-05-08 14:29
Updated : 2023-12-10 12:01
NVD link : CVE-2017-8844
Mitre link : CVE-2017-8844
CVE.ORG link : CVE-2017-8844
JSON object : View
Products Affected
long_range_zip_project
- long_range_zip
debian
- debian_linux
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer