CVE-2017-9928

Sažetak

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.

Reference

https://github.com/ckolivas/lrzip/issues/74
http://somevulnsofadlab.blogspot.com/2017/06/lrzipstack-buffer-overflow-in.html
https://security.gentoo.org/glsa/202005-01
https://lists.debian.org/debian-lts-announce/2021/08/msg00001.html

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

09-12-2022 - 15:59

Objavljeno

26-06-2017 - 07:29