PT-2018-10613 · Lrzip+1 · Long Range Zip+1

Twi1Ight

Publicado

2018-05-26

Atualizado

2022-10-06

CVE-2018-11496

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Long Range Zip (aka lrzip) version 0.631

Description The issue is related to a use-after-free in the read stream function in stream.c, caused by the lack of certain size validation in the decompress file function in lrzip.c.

Recommendations For Long Range Zip (aka lrzip) version 0.631, consider updating to a newer version that addresses the size validation issue in the decompress file function. As a temporary workaround, restrict the use of the decompress file function until a patch is available.

Exploit

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

CVE-2018-11496

DLA-2725-1

USN-5171-1

USN-5171-2

Produtos afetados

Long Range Zip

Ubuntu

PT-2018-10613 · Lrzip+1 · Long Range Zip+1

CVE-2018-11496

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 27