First published: Fri Jan 12 2018
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Long Range Zip Project Long Range Zip | =0.631 | |
CVE-2018-5650 is a vulnerability in Long Range Zip (lrzip) 0.631 that allows remote attackers to cause a denial of service through an infinite loop in the unzip_match function.
CVE-2018-5650 has a severity score of 5.5, which is considered medium.
The affected software version is Long Range Zip (lrzip) 0.631.
To fix CVE-2018-5650, it is recommended to update Long Range Zip (lrzip) to a version that addresses the vulnerability.
More information about CVE-2018-5650 can be found in the references: [GitHub issue](https://github.com/ckolivas/lrzip/issues/88) and [Debian LTS announcement](https://lists.debian.org/debian-lts-announce/2021/08/msg00001.html).