PT-2022-2765 · Irzip+3 · Irzip+3

Pietroborrello

Published

2022-04-15

Updated

2024-06-07

CVE-2022-28044

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Irzip version 0.640

Description The issue is related to a heap memory corruption in the lrzip.c:initialise control component. This corruption can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Irzip version 0.640, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the lrzip.c:initialise control component to minimize the risk of exploitation.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2022-03285

CVE-2022-28044

DLA-3005-1

DSA-5145-1

USN-5840-1

Affected Products

Irzip

Linuxmint

Red Os

Ubuntu

PT-2022-2765 · Irzip+3 · Irzip+3

CVE-2022-28044

Weakness Enumeration

Related Identifiers

Affected Products

References · 28