CVE-2022-33067 — Range ZIP Project Long Range ZIP vulnerability

5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 75.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Long Range ZIP Project Long Range ZIP

Timeline

PublishedJun 23

Latest updateJun 24

Description

Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via unspecified vectors.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDlong_range_zip_project/long_range_zip0.651

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-wpqj-885v-f52w: Lrzip v0↗2022-06-24

▶

OSV

CVE-2022-33067: Lrzip v0↗2022-06-23

▶

CVEList

CVE-2022-33067: Lrzip v0↗2022-06-22

▶

📋Vendor Advisories

Debian

CVE-2022-33067: lrzip - Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via th...↗2022

▶