ALT-PU-2016-3245-1
Closed vulnerabilities
Published: 2020-08-26
BDU:2021-04643
Уязвимость функции lzo_decompress_buf компонента stream.c программы сжатия Lrzip, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2021-06-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-25467
A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/1893641
- https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/1893641
- https://github.com/ckolivas/lrzip/issues/163
- https://github.com/ckolivas/lrzip/issues/163
- [debian-lts-announce] 20220413 [SECURITY] [DLA 2981-1] lrzip security update
- [debian-lts-announce] 20220413 [SECURITY] [DLA 2981-1] lrzip security update