Note:
This project will be discontinued after December 13, 2021. [more]
2017-06-26
In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.
Products | Debian_linux, Long_range_zip |
Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
First patch | - None (likely due to unavailable code) |
Patches | https://github.com/ckolivas/lrzip/issues/74 |
Links |
• https://lists.debian.org/debian-lts-announce/2021/08/msg00001.html
• http://somevulnsofadlab.blogspot.com/2017/06/lrzipstack-buffer-overflow-in.html • https://security.gentoo.org/glsa/202005-01 |