Base Score

MEDIUM5.5

CVE-2017-9929

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.

VectorLOCAL

Published Bycve@mitre.org

Published DateJun 26, 2017, 07:29

Weakness Type (CWE):CWE-119

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://somevulnsofadlab.blogspot.com/2017/06/lrzipstack-buffer-overflow-in_24.html
https://github.com/ckolivas/lrzip/issues/75
https://lists.debian.org/debian-lts-announce/2021/08/msg00001.html
https://security.gentoo.org/glsa/202005-01

Base Score

MEDIUM5.5

Weakness Type (CWE):CWE-119

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH