First published: Tue Mar 27 2018(Updated: )
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Long Range Zip Project Long Range Zip | =0.631 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for the Long Range Zip (lrzip) vulnerability is CVE-2018-9058.
CVE-2018-9058 has a severity level of medium with a severity value of 5.5.
An attacker can exploit CVE-2018-9058 by leveraging the infinite loop in the runzip_fd function of runzip.c using a crafted lrz file.
The affected software version is Long Range Zip (lrzip) 0.631.
At the moment, there is no official fix available for CVE-2018-9058. It is recommended to apply any patches or updates provided by the software vendor.