Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
383
VMScore

CVE-2018-5786

Published: 19/01/2018 Updated: 07/10/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Long Range Zip Project

Vulnerability Summary

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

long range zip project long range zip 0.631

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Debian Security Advisories: DSA-5145-1 lrzip -- security update
Multiple vulnerabilities have been discovered in the lrzip compression program which could result in denial of service or potentially the execution of arbitrary code For the oldstable distribution (buster), these problems have been fixed in version 0631+git180528-1+deb10u1 This update also addresses CVE-2021-27345, CVE-2020-25467 and CVE-2021-27 ...
Debian CVElist Bug Report Logs: lrzip: CVE-2017-9929: Stack buffer overflow in get_fileinfo in lrzip.c, allows attackers to cause DoS
Debian Bug report logs - #866020 lrzip: CVE-2017-9929: Stack buffer overflow in get_fileinfo in lrzipc, allows attackers to cause DoS Package: src:lrzip; Maintainer for src:lrzip is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 26 Jun 2017 17:15:07 UTC Se ...
Debian CVElist Bug Report Logs: lrzip: CVE-2018-5786: Infinite Loop Vulnerability in get_fileinfo
Debian Bug report logs - #888506 lrzip: CVE-2018-5786: Infinite Loop Vulnerability in get_fileinfo Package: src:lrzip; Maintainer for src:lrzip is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 26 Jan 2018 14:00:02 UTC Severity: important Tags: security, up ...
Debian CVElist Bug Report Logs: lrzip: CVE-2018-5650: Infinite Loop Vulnerability in unzip_match function
Debian Bug report logs - #887065 lrzip: CVE-2018-5650: Infinite Loop Vulnerability in unzip_match function Package: src:lrzip; Maintainer for src:lrzip is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 13 Jan 2018 10:51:01 UTC Severity: important Tags: secu ...
Debian CVElist Bug Report Logs: lrzip: CVE-2017-8844: heap-based buffer overflow write in read_1g
Debian Bug report logs - #863153 lrzip: CVE-2017-8844: heap-based buffer overflow write in read_1g Package: src:lrzip; Maintainer for src:lrzip is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 22 May 2017 18:45:01 UTC Severity: important Tags: security, up ...
Debian CVElist Bug Report Logs: lrzip: CVE-2018-5747: use-after-free in ucompthread (src/stream.c)
Debian Bug report logs - #898451 lrzip: CVE-2018-5747: use-after-free in ucompthread (src/streamc) Package: src:lrzip; Maintainer for src:lrzip is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 11 May 2018 19:42:01 UTC Severity: important Tags: security, u ...
Debian CVElist Bug Report Logs: lrzip: CVE-2017-9928: Stack buffer overflow in get_fileinfoin lrzip.c, allows attackers to cause DoS
Debian Bug report logs - #866022 lrzip: CVE-2017-9928: Stack buffer overflow in get_fileinfoin lrzipc, allows attackers to cause DoS Package: src:lrzip; Maintainer for src:lrzip is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 26 Jun 2017 17:21:06 UTC Sev ...
Debian CVElist Bug Report Logs: lrzip: CVE-2017-8847: NULL pointer dereference in bufRead::get
Debian Bug report logs - #863145 lrzip: CVE-2017-8847: NULL pointer dereference in bufRead::get Package: src:lrzip; Maintainer for src:lrzip is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 22 May 2017 17:12:03 UTC Severity: important Tags: security, upstr ...
Debian CVElist Bug Report Logs: lrzip: CVE-2017-8845: invalid memory read in lzo_decompress_buf
Debian Bug report logs - #863151 lrzip: CVE-2017-8845: invalid memory read in lzo_decompress_buf Package: src:lrzip; Maintainer for src:lrzip is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 22 May 2017 18:36:07 UTC Severity: important Tags: security, upst ...
Debian CVElist Bug Report Logs: lrzip: CVE-2018-10685: use-after-free in lzma_decompress_buf
Debian Bug report logs - #897645 lrzip: CVE-2018-10685: use-after-free in lzma_decompress_buf Package: src:lrzip; Maintainer for src:lrzip is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 3 May 2018 18:57:01 UTC Severity: important Tags: security, upstrea ...
Debian CVElist Bug Report Logs: lrzip: CVE-2017-8842: divide-by-zero in bufRead::get
Debian Bug report logs - #863156 lrzip: CVE-2017-8842: divide-by-zero in bufRead::get Package: src:lrzip; Maintainer for src:lrzip is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 22 May 2017 18:57:02 UTC Severity: important Tags: security, upstream Found ...
Debian CVElist Bug Report Logs: lrzip: CVE-2017-8843: NULL pointer dereference in join_pthread
Debian Bug report logs - #863155 lrzip: CVE-2017-8843: NULL pointer dereference in join_pthread Package: src:lrzip; Maintainer for src:lrzip is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 22 May 2017 18:54:01 UTC Severity: important Tags: security, upstr ...
Debian CVElist Bug Report Logs: lrzip: CVE-2017-8846: use-after-free in read_stream (stream.c)
Debian Bug report logs - #863150 lrzip: CVE-2017-8846: use-after-free in read_stream (streamc) Package: src:lrzip; Maintainer for src:lrzip is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 22 May 2017 18:36:04 UTC Severity: important Tags: security, upstr ...

References

CWE-835https://github.com/ckolivas/lrzip/issues/91https://lists.debian.org/debian-lts-announce/2021/08/msg00001.htmlhttps://lists.debian.org/debian-lts-announce/2022/04/msg00012.htmlhttps://www.debian.org/security/2022/dsa-5145https://www.debian.org/security/2022/dsa-5145https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook