CVE-2018-9058 — Infinite Loop in Range ZIP Project Long Range ZIP

CWE-835 — Infinite Loop10 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 37.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ckolivas Lrzip Long Range ZIP Project Long Range ZIP

Timeline

PublishedMar 27

Latest updateMay 13

Description

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlong_range_zip_project/long_range_zip0.631

▶Debianckolivas/lrzip< 0.631+git180517-1+3

🔴Vulnerability Details

GHSA

GHSA-4cpq-g6gc-93vr: In Long Range Zip (aka lrzip) 0↗2022-05-13

▶

CVEList

CVE-2018-9058: In Long Range Zip (aka lrzip) 0↗2018-03-27

▶

OSV

CVE-2018-9058: In Long Range Zip (aka lrzip) 0↗2018-03-27

▶

📋Vendor Advisories

Ubuntu

Long Range ZIP vulnerabilities↗2021-12-09

▶

Ubuntu

Long Range ZIP vulnerabilities↗2021-12-06

▶

Debian

CVE-2018-9058: lrzip - In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd ...↗2018

▶

💬Community

Bugzilla

CVE-2018-9058 lrzip: Infinite loop in runzip.z:runzip_fd() allows for denial of service↗2018-04-03

▶

Bugzilla

CVE-2018-9058 lrzip: Infinite loop in runzip.z:runzip_fd() allows for denial of service [fedora-26]↗2018-04-03

▶

Bugzilla

CVE-2018-9058 lrzip: Infinite loop in runzip.z:runzip_fd() allows for denial of service [epel-all]↗2018-04-03

▶