CVE-2023-39743

lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3decodeblock src/libbz3.c...

Fedora 40 : perl-Compress-Raw-Lzma / xz (2025-4871b31998)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-4871b31998 advisory. xz 5.8.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but...

CVE-2023-53144

In the Linux kernel, the following vulnerability has been resolved: erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms As the call trace shown, the root cause is kunmap incorrect pages: BUG: kernel NULL pointer dereference, address: 00000000 CPU: 1 PID: 40 Comm: kworker/u5:0 Not tainted...

CVE-2023-53144

CVE-2023-53144 concerns the Linux kernel erofs subsystem. The connected documentation describes an identified issue where kunmap could be applied to incorrect pages during LZMA decompression on HIGHMEM platforms, leading to a NULL pointer dereference in z_erofs_lzma_decompress and related call ch...

USN-5179-1 busybox vulnerabilities

It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly execute...