Lucene search

K
cveMitreCVE-2023-39741
HistoryAug 17, 2023 - 7:15 p.m.

CVE-2023-39741

2023-08-1719:15:12
CWE-787
mitre
web.nvd.nist.gov
25
cve-2023-39741
lrzip
heap overflow
libzpaq
postprocessor
write
dos

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.6%

lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

Affected configurations

Nvd
Node
long_range_zip_projectlong_range_zipMatch0.651
VendorProductVersionCPE
long_range_zip_projectlong_range_zip0.651cpe:2.3:a:long_range_zip_project:long_range_zip:0.651:*:*:*:*:*:*:*

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.6%