CVE-2022-28044 — Vulnetix

CVE-2022-28044 PUBLISHED CVSS 7.5 HIGH

Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.

EPSS 1.04% · 77.8th percentile

Risk Scores

CVSS v2.0

7.5

EPSS Score

1.04%

77.8th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
debian	debian_linux	9.0, 10.0, 11.0
irzip_project	irzip	0.640

Timeline

Apr 15, 2022 CVE Published
Apr 16, 2022 EPSS Score
Jun 5, 2022 EPSS Score
Jul 26, 2022 EPSS Score
Sep 14, 2022 EPSS Score
Nov 3, 2022 EPSS Score
Feb 11, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 23, 2023 EPSS Score
Jul 12, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

https://github.com/ckolivas/lrzip/issues/216 url
https://github.com/ckolivas/lrzip/commit/5faf80cd53ecfd16b636d653483144cd12004f46 url
[debian-lts-announce] 20220514 [SECURITY] [DLA 3005-1] lrzip security update mailing-list
DSA-5145 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-28044 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›