Описание
lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 0.631-1+deb9u3build0.18.04.1 |
| devel | not-affected | 0.651-2 |
| esm-apps/bionic | released | 0.631-1+deb9u3build0.18.04.1 |
| esm-apps/focal | released | 0.631+git180528-1+deb10u1build0.20.04.1 |
| esm-apps/jammy | not-affected | 0.651-2 |
| esm-apps/xenial | released | 0.621-1ubuntu0.1~esm2 |
| esm-infra-legacy/trusty | not-affected | code not present |
| focal | released | 0.631+git180528-1+deb10u1build0.20.04.1 |
| impish | ignored | end of life |
| jammy | not-affected | 0.651-2 |
Показывать по
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file.
lrzip v0.641 was discovered to contain a multiple concurrency use-afte ...
lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file.
Уязвимость функций zpaq_decompress_buf() и clear_rulist() программного средства Irzip, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3