CVE-2017-8846

Опубликовано: 08 мая 2017

Источник: debian

Описание

The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
lrzip	fixed	0.631+git180517-1		package
lrzip	no-dsa		jessie	package
lrzip	no-dsa		wheezy	package

Примечания

https://github.com/ckolivas/lrzip/issues/71
https://blogs.gentoo.org/ago/2017/05/07/lrzip-use-after-free-in-read_stream-stream-c/

Связанные уязвимости

CVE-2017-8846

CVSS3: 5.5

ubuntu

больше 8 лет назад

The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.

CVE-2017-8846

CVSS3: 5.5

nvd

больше 8 лет назад

The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.

GHSA-7qpf-hv34-vvr8

CVSS3: 5.5

github

больше 3 лет назад

The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.