CVE-2018-11496

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Long Range Zip (aka lrzip) version 0.631

Description The issue is related to a use-after-free in the read stream function in stream.c, caused by the lack of certain size validation in the decompress file function in lrzip.c.

Recommendations For Long Range Zip (aka lrzip) version 0.631, consider updating to a newer version that addresses the size validation issue in the decompress file function. As a temporary workaround, restrict the use of the decompress file function until a patch is available.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

CVE-2018-11496

DLA-2725-1

USN-5171-1

USN-5171-2

Affected Products

Long Range Zip

Ubuntu

CVE-2018-11496

Weakness Enumeration

Related Identifiers

Affected Products

References · 27