5.5

CVE-2020-22916

An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TukaaniXz Version5.2.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.148
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://web.archive.org/web/20230918084612/https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2234987
https://bugzilla.suse.com/show_bug.cgi?id=1214590
https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability
Broken Link
https://github.com/tukaani-project/xz/issues/61
https://security-tracker.debian.org/tracker/CVE-2020-22916
https://tukaani.org/xz/
Product