First published: Wed Jun 22 2022(Updated: )
Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via unspecified vectors.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Long Range Zip Project Long Range Zip | =0.651 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-33067 is a vulnerability in Lrzip v0.651 that allows attackers to cause a Denial of Service via unspecified vectors.
CVE-2022-33067 has a severity rating of medium with a score of 5.5.
Lrzip v0.651 is affected by CVE-2022-33067.
Attackers can exploit CVE-2022-33067 to cause a Denial of Service by exploiting invalid arithmetic shifts in the get_magic function in lrzip.c and the init function in libzpaq/libzpaq.cpp.
At the moment, there is no known fix available for CVE-2022-33067. It is recommended to update to a newer version once a fix is released.