CVE-2025-9396 — Improper Resource Shutdown or Release in Lrzip

CWE-404 — Improper Resource Shutdown or Release CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

4.8MEDIUMNVD

EPSS

0.0%

top 89.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ckolivas Lrzip

Timeline

PublishedAug 24

Latest updateAug 25

Description

A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDckolivas/lrzip0.651

▶CVEListV5ckolivas/lrzip0.651

🔴Vulnerability Details

GHSA

GHSA-7p5p-5c63-6f3w: A security flaw has been discovered in ckolivas lrzip up to 0↗2025-08-25

▶

OSV

CVE-2025-9396: A security flaw has been discovered in ckolivas lrzip up to 0↗2025-08-24

▶

CVEList

ckolivas lrzip strtol_l.c __GI_____strtol_l_internal null pointer dereference↗2025-08-24

▶

📋Vendor Advisories

Debian

CVE-2025-9396: lrzip - A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts ...↗2025

▶