PT-2022-19238 · Ireader+9 · Reader+9

Adam Korczynski +1 · Published 2022-10-04 · Updated 2024-09-25 · CVE-2022-2879

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Reader (affected versions not specified)

Description: The issue is related to the Reader.Read function not setting a limit on the maximum size of file headers. A maliciously crafted archive could cause Reader.Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After the fix, Reader.Read limits the maximum size of header blocks to 1 MiB.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
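
A defensive pre-check for the bound described above, as an added example that is not part of the advisory or of the affected project's code. It assumes the affected Reader is the one in Go's archive/tar package (the entry that the GO-2022-1037 identifier listed on this page refers to); `CheckHeaderSizes` and `MaxHeaderBlock` are hypothetical names, and the header built in `main` is a constructed sample.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"strconv"
)

const MaxHeaderBlock = 1 << 20 // the 1 MiB cap the advisory says the fix applies

var ErrHeaderTooLarge = errors.New("tar: special header block exceeds limit")

// CheckHeaderSizes (hypothetical) rejects oversized header payloads before any are buffered.
func CheckHeaderSizes(r io.Reader, limit int64) error {
	var blk [512]byte
	for {
		_, err := io.ReadFull(r, blk[:])
		if err == io.EOF || (err == nil && blk == [512]byte{}) {
			return nil // end of stream, or the zero block that ends an archive
		} else if err != nil {
			return err
		}
		// Size field: octal ASCII at offset 124; base-256 sizes are rejected (simplification).
		size, err := strconv.ParseInt(string(bytes.Trim(blk[124:136], " \x00")), 8, 64)
		if err != nil || size < 0 {
			return errors.New("tar: unsupported or malformed size field")
		}
		switch blk[156] { // typeflag: PAX (x, g) and GNU long name/link (L, K)
		case tar.TypeXHeader, tar.TypeXGlobalHeader, tar.TypeGNULongName, tar.TypeGNULongLink:
			if size > limit {
				return ErrHeaderTooLarge
			}
		}
		// Skip the payload, padded to a 512-byte boundary, without buffering it.
		if _, err := io.CopyN(io.Discard, r, (size+511)&^511); err != nil {
			return err
		}
	}
}

func main() { // constructed sample: a PAX header declaring a 2 MiB payload
	hdr := make([]byte, 512)
	copy(hdr[124:], "00010000000")
	hdr[156] = tar.TypeXHeader
	fmt.Println(CheckHeaderSizes(bytes.NewReader(hdr), MaxHeaderBlock))
}
```

Run it on an untrusted stream before handing a fresh reader over the same bytes to the tar parser; ordinary file entries of any size pass, since only the special header types are held in memory while parsing.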

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

ALSA-2023:0328
ALSA-2023:0446
ALSA-2023:2204
ALSA-2023:2780
ALSA-2024:0121
ALT-PU-2022-2743
ALT-PU-2022-2873
ALT-PU-2023-1205
AZL-11128
AZL-37526
AZL-41393
AZL-41765
AZL-41786
AZL-41787
AZL-41901
AZL-44052
AZL-44091
AZL-44523
AZL-79006
BIT-GOLANG-2022-2879
CESA-2023_0446
CESA-2023_2780
CESA-2024_0121
CESA-2024_2988
CVE-2022-2879
GO-2022-1037
INFSA-2024_2988
MGASA-2022-0377
OESA-2022-2004
OPENSUSE-SU-2022_3668-1
OPENSUSE-SU-2022_3669-1
OPENSUSE-SU-2024:12391-1
OPENSUSE-SU-2024:12392-1
OPENSUSE-SU-2024:12421-1
RHSA-2022:7398
RHSA-2023:0328
RHSA-2023:0445
RHSA-2023:0446
RHSA-2023:0708
RHSA-2023:0727
RHSA-2023:2204
RHSA-2023:2780
RHSA-2023:3613
RHSA-2023:4003
RHSA-2023_0328
RHSA-2023_0446
RHSA-2023_2204
RHSA-2023_2780
RHSA-2024:0121
RHSA-2024:2988
RHSA-2024_0121
RHSA-2024_2988
RLSA-2023:0328
RLSA-2023:0446
SUSE-SU-2022:3668-1
SUSE-SU-2022:3669-1
SUSE-SU-2022_3668-1
SUSE-SU-2022_3669-1
SUSE-SU-2023:2312-1
USN-6038-1
USN-6038-2

Affected Products

ALT Linux
AlmaLinux
CentOS
Debian
Linux Mint
Reader
Red Hat
Rocky Linux
SUSE
Ubuntu