PT-2023-11638 · Xz+2

Snappyjack · Published 2023-08-22 · Updated 2024-11-05 · CVE-2020-22916

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: XZ version 5.2.5
Description: An issue in XZ allows attackers to cause a denial of service via decompression of a crafted file. The vendor disputes the claims of "endless output" and "denial of service" because decompression of a 17,486 bytes file always results in 114,881,179 bytes, which is often a reasonable size increase.
Recommendations: For XZ version 5.2.5, update to version 5.2.9 to fix the security issue.


Related identifiers

ALT-PU-2024-1246
ALT-PU-2024-14986
ALT-PU-2024-8803
CVE-2020-22916

Affected products

Alt Linux
Xz
Xz Utils