CVE-2018-10195
published 2021-06-02CVE-2018-10195: lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap…
high7.1CVSS 3.1
AVLACLPRLUINSUCHINAH
lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | lrzsz | < lrzsz 0.12.21-10 (bookworm) | lrzsz 0.12.21-10 (bookworm) |
| lrzsz_project | lrzsz | <= 0.12.20 | — |
| lrzsz_project | lrzsz | >= 0 < 0.12.21-10 | 0.12.21-10 |
| lrzsz_project | lrzsz | >= 0 < 0.12.21-10 | 0.12.21-10 |
| lrzsz_project | lrzsz | >= 0 < 0.12.21-10 | 0.12.21-10 |
| lrzsz_project | lrzsz | >= 0 < 0.12.21-10 | 0.12.21-10 |
| msrc | cbl2_lrzsz_0.12.20-50_on_cbl_mariner_2.0 | — | — |
| suse | linux_enterprise_debuginfo | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_server | — | — |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
osv7.1HIGH