CVE-2018-10195

CWE-190 — Integer Overflow9 documents8 sources

Severity

7.1HIGH

EPSS

0.1%

top 82.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lrzsz Project Lrzsz Debian Debian Linux Suse Linux Enterprise Debuginfo +2 more

Timeline

PublishedJun 2

Latest updateMay 24

Description

lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages5 packages

▶Debianlrzsz< 0.12.21-10+3

▶NVDlrzsz_project/lrzsz0.12.20

▶NVDsuse/linux_enterprise_server11, 12+1

▶NVDsuse/linux_enterprise_desktop12

▶NVDsuse/linux_enterprise_debuginfo11

Also affects: Debian Linux 9.0

🔴Vulnerability Details

GHSA

GHSA-54q2-pv96-8qc2: lrzsz before version 0↗2022-05-24

▶

OSV

CVE-2018-10195: lrzsz before version 0↗2021-06-02

▶

CVEList

CVE-2018-10195: lrzsz before version 0↗2021-06-02

▶

📋Vendor Advisories

Microsoft

lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.↗2021-06-08

▶

Red Hat

lrzsz: Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak information to receiver↗2018-04-18

▶

Debian

CVE-2018-10195: lrzsz - lrzsz before version 0.12.21~rc can leak information to the receiving side due t...↗2018

▶

💬Community

Bugzilla

CVE-2018-10195 lrzsz: Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak information to receiver [fedora-all]↗2018-04-26

▶

Bugzilla

CVE-2018-10195 lrzsz: Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak information to receiver↗2018-04-26

▶