Lucene search

GoogleOSV:CVE-2019-10654

HistoryMar 30, 2019 - 3:29 p.m.

CVE-2019-10654

2019-03-3015:29:00

Google

osv.dev

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

61.1%

JSON

The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive, a different vulnerability than CVE-2017-8845.

CPENameOperatorVersion
lrzipeq0.613
lrzipeq0.603
lrzipeq0.544
lrzipeq0.616
lrzipeq0.47
lrzipeq0.607
lrzipeq0.45
lrzipeq0.551
lrzipeq0.560
lrzipeq0.602

Name	Operator	Version
lrzip	eq	0.613
lrzip	eq	0.603
lrzip	eq	0.544
lrzip	eq	0.616
lrzip	eq	0.47
lrzip	eq	0.607
lrzip	eq	0.45
lrzip	eq	0.551
lrzip	eq	0.560
lrzip	eq	0.602

Rows per page:

1-10 of 391

References

github.com/ckolivas/lrzip/issues/108

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

61.1%

JSON

Related for OSV:CVE-2019-10654