The vulnerability of the lzo_decompress_buf function in the stream.c component of the Lrzip compression algorithm, related to pointer arithmetic errors, allows a hacker to cause a service failure.

🗓️ 20 Sep 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Vulnerability in lzo_decompress_buf of stream.c in Lrzip enables failure from crafted files due to pointer errors.

Reporter	Title	Published	Views	Family All 30
AlpineLinux	CVE-2020-25467	10 Jun 202115:41	–	alpinelinux
CNNVD	Irzip 代码问题漏洞	10 Jun 202100:00	–	cnnvd
CNVD	Irzip Null Pointer Dereference Vulnerability (CNVD-2021-48849)	11 Jun 202100:00	–	cnvd
CVE	CVE-2020-25467	10 Jun 202115:41	–	cve
Cvelist	CVE-2020-25467	10 Jun 202115:41	–	cvelist
Debian	[SECURITY] [DLA 2981-1] lrzip security update	13 Apr 202213:47	–	debian
Debian	[SECURITY] [DSA 5145-1] lrzip security update	24 May 202217:48	–	debian
Debian CVE	CVE-2020-25467	10 Jun 202115:41	–	debiancve
Tenable Nessus	Debian DLA-2981-1 : lrzip - LTS security update	13 Apr 202200:00	–	nessus
Tenable Nessus	Debian DSA-5145-1 : lrzip - security update	24 May 202200:00	–	nessus

Vulners

Node

con_kolivas lrzipRange≤0.641

Source	Link
bugs	www.bugs.launchpad.net/ubuntu/+source/lrzip/+bug/1893641
github	www.github.com/ckolivas/lrzip/issues/163
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-25467
security-tracker	www.security-tracker.debian.org/tracker/CVE-2020-25467
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.5/
web	www.web.nvd.nist.gov/view/vuln/detail

18 Oct 2022 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 24.3

CVSS 36.5

EPSS0.00613

lzo_decompress_buf stream component lrzip program pointer arithmetic errors crafted files