CVE-2017-8845Out-of-bounds Read in Range ZIP Project Long Range ZIP

CWE-125Out-of-bounds Read14 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 59.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Ckolivas LrzipLong Range ZIP Project Long Range ZIP
Timeline
PublishedMay 8
Latest updateMay 14

Description

The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debianckolivas/lrzip< 0.631+git180517-1+3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

6
GHSA
GHSA-g9ff-p342-7vg5: The lzo1x_decompress function in liblzo22022-05-14
GHSA
GHSA-m46m-jfcx-6hx5: The lzo1x_decompress function in lzo1x_d2022-05-13
OSV
CVE-2019-10654: The lzo1x_decompress function in liblzo22019-03-30
CVEList
CVE-2019-10654: The lzo1x_decompress function in liblzo22019-03-30
CVEList
CVE-2017-8845: The lzo1x_decompress function in lzo1x_d2017-05-08

📋Vendor Advisories

2
Debian
CVE-2019-10654: lrzip - The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range...2019
Debian
CVE-2017-8845: lrzip - The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631,...2017

💬Community

4
Bugzilla
CVE-2019-10654 lrzip: Invalid memory read and application crash via crafted file2019-04-01
Bugzilla
CVE-2017-8842 CVE-2017-8843 CVE-2017-8844 CVE-2017-8845 CVE-2017-8846 CVE-2017-8847 lrzip: Multiple security vulnerabilities2017-05-09
Bugzilla
CVE-2017-8842 CVE-2017-8843 CVE-2017-8844 CVE-2017-8845 CVE-2017-8846 CVE-2017-8847 lrzip: Multiple security vulnerabilities [fedora-all]2017-05-09
Bugzilla
CVE-2017-8842 CVE-2017-8843 CVE-2017-8844 CVE-2017-8845 CVE-2017-8846 CVE-2017-8847 lrzip: Multiple security vulnerabilities [epel-all]2017-05-09
CVE-2017-8845 — Out-of-bounds Read | cvebase