CVE-2018-10195

Опубликовано: 18 апр. 2018

Источник: redhat

CVSS3: 4.4

EPSS Низкий

Описание

lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.

Отчет

This issue did not affect the versions of lrzsz as shipped with Red Hat Enterprise Linux 5, 6, and 7. A patch was already applied for this vulnerability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	lrzsz	Not affected
Red Hat Enterprise Linux 6	lrzsz	Not affected
Red Hat Enterprise Linux 7	lrzsz	Not affected
Red Hat Enterprise Linux 8	lrzsz	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190

https://bugzilla.redhat.com/show_bug.cgi?id=1572058lrzsz: Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak information to receiver

EPSS

Процентиль: 16%

0.00051

Низкий

4.4 Medium

CVSS3

Связанные уязвимости

CVE-2018-10195

CVSS3: 7.1

ubuntu

больше 4 лет назад

lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.

CVE-2018-10195

CVSS3: 7.1

nvd

больше 4 лет назад

lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.

CVE-2018-10195

CVSS3: 7.1

msrc

4 месяца назад

lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.

CVE-2018-10195

CVSS3: 7.1

debian

больше 4 лет назад

lrzsz before version 0.12.21~rc can leak information to the receiving ...

SUSE-SU-2018:1070-1

suse-cvrf

почти 8 лет назад

Security update for rzsz

EPSS

Процентиль: 16%

0.00051

Низкий

4.4 Medium

CVSS3