CVE-2018-5650 — Infinite Loop in Range ZIP Project Long Range ZIP

CWE-835 — Infinite Loop10 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 39.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ckolivas Lrzip Long Range ZIP Project Long Range ZIP

Timeline

PublishedJan 12

Latest updateMay 13

Description

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlong_range_zip_project/long_range_zip0.631

▶Debianckolivas/lrzip< 0.631+git180517-1+3

🔴Vulnerability Details

GHSA

GHSA-rp45-6hq7-5w57: In Long Range Zip (aka lrzip) 0↗2022-05-13

▶

CVEList

CVE-2018-5650: In Long Range Zip (aka lrzip) 0↗2018-01-12

▶

OSV

CVE-2018-5650: In Long Range Zip (aka lrzip) 0↗2018-01-12

▶

📋Vendor Advisories

Ubuntu

Long Range ZIP vulnerabilities↗2021-12-09

▶

Ubuntu

Long Range ZIP vulnerabilities↗2021-12-06

▶

Debian

CVE-2018-5650: lrzip - In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application h...↗2018

▶

💬Community

Bugzilla

CVE-2018-5650 lrzip: Infinite loop in runzip.c:unzip_match can allow remote attacker to cause denial of service↗2018-01-15

▶

Bugzilla

CVE-2018-5650 lrzip: Infinite loop in runzip.c:unzip_match can allow remote attacker to cause denial of service [epel-all]↗2018-01-15

▶

Bugzilla

CVE-2018-5650 lrzip: Infinite loop in runzip.c:unzip_match can allow remote attacker to cause denial of service [fedora-all]↗2018-01-15

▶