CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
28.3%
DISPUTED An issue discovered in XZ 5.2.5 allows attackers to cause a
denial of service via decompression of a crafted file. NOTE: the vendor
disputes the claims of “endless output” and “denial of service” because
decompression of the 17,486 bytes always results in 114,881,179 bytes,
which is often a reasonable size increase.
Author | Note |
---|---|
mdeslaur | There are no details about this ancient CVE. The original URL is gone and the xz-utils developers can’t reproduce it as of 2023-09-15. |