9.8

CVE-2022-28044

Exploit
Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Irzip ProjectIrzip Version0.640
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.9% 0.771
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.debian.org/security/2022/dsa-5145
Third Party Advisory
Mailing List
https://github.com/ckolivas/lrzip/commit/5faf80cd53ecfd16b636d653483144cd12004f46
Patch
Third Party Advisory
https://github.com/ckolivas/lrzip/issues/216
Patch
Third Party Advisory
Exploit
Issue Tracking
https://lists.debian.org/debian-lts-announce/2022/05/msg00016.html
Third Party Advisory
Mailing List