CVE-2017-9928 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 37.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ckolivas Lrzip Debian Linux Long Range ZIP Project Long Range ZIP

Timeline

PublishedJun 26

Latest updateMay 13

Description

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianckolivas/lrzip< 0.631+git180517-1+3

▶NVDlong_range_zip_project/long_range_zip0.631

Also affects: Debian Linux 9.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-684p-g32j-92wp: In lrzip 0↗2022-05-13

▶

CVEList

CVE-2017-9928: In lrzip 0↗2017-06-26

▶

OSV

CVE-2017-9928: In lrzip 0↗2017-06-26

▶

📋Vendor Advisories

Ubuntu

Long Range ZIP vulnerabilities↗2021-12-09

▶

Ubuntu

Long Range ZIP vulnerabilities↗2021-12-06

▶

Debian

CVE-2017-9928: lrzip - In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo i...↗2017

▶

💬Community

Bugzilla

CVE-2017-9928 CVE-2017-9929 lrzip: Multiple security issues↗2017-07-10

▶

Bugzilla

CVE-2017-9928 CVE-2017-9929 lrzip: Multiple security issues [fedora-all]↗2017-07-10

▶

Bugzilla

CVE-2017-9928 CVE-2017-9929 lrzip: Multiple security issues [epel-all]↗2017-07-10

▶