CVE-2018-10195: Integer Overflow
First published: Thu Apr 26 2018(Updated: )
lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lrzsz Project Lrzsz | <=0.12.20 | |
| SUSE Linux Enterprise Debuginfo | =11-sp4 | |
| SUSE Linux Enterprise Desktop | =12-sp3 | |
| SUSE Linux Enterprise Server | =11-sp4 | |
| SUSE Linux Enterprise Server | =12-sp3 | |
| Debian Debian Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.ohse.de/uwe/software/lrzsz.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1572058
- https://lists.debian.org/debian-lts-announce/2022/01/msg00027.html
- https://lists.suse.com/pipermail/sle-security-updates/2018-April/003955.html?_ga=2.81625751.1026327980.1622040648-1950393542.1547130931
- https://lists.suse.com/pipermail/sle-security-updates/2018-April/003956.html?_ga=2.81625751.1026327980.1622040648-1950393542.1547130931
- https://bugzilla.novell.com/show_bug.cgi?id=1090051
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1572059
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=75473
- https://src.fedoraproject.org/cgit/rpms/lrzsz.git/tree/lrzsz-0.12.20.patch
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1572058#c3
Frequently Asked Questions
What is CVE-2018-10195?
CVE-2018-10195 is a vulnerability in Lrzsz before version 0.12.21~rc that can leak information to the receiving side.
What is the severity of CVE-2018-10195?
The severity of CVE-2018-10195 is high with a CVSS score of 7.1.
How can CVE-2018-10195 be exploited?
CVE-2018-10195 can be exploited by attackers who have control over the receiving end of an lrzsz connection and can trigger the incorrect length check in the zsdata function.
Which software versions are affected by CVE-2018-10195?
Lrzsz version 0.12.20 and earlier are affected by CVE-2018-10195.
How can I fix CVE-2018-10195?
To fix CVE-2018-10195, update to version 0.12.21~rc or later of Lrzsz.
- agent/first-publish-date
- agent/references
- agent/type
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-10195
- vendor/lrzsz project
- canonical/lrzsz project lrzsz
- version/lrzsz project lrzsz/0.12.20
- vendor/suse
- canonical/suse linux enterprise debuginfo
- version/suse linux enterprise debuginfo/11-sp4
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/12-sp3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp4
- version/suse linux enterprise server/12-sp3
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0