CVE-2023-39741 — Vulnetix

CVE-2023-39741 PUBLISHED CVSS 5.5 MEDIUM

lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

EPSS 0.03% · 10.7th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

0.03%

10.7th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	*
long_range_zip_project	long_range_zip	0.651

Timeline

Aug 17, 2023 CVE Published
Aug 18, 2023 EPSS Score
Aug 24, 2023 GitHub Gist PoC
Sep 20, 2023 EPSS Score
Oct 23, 2023 EPSS Score
Nov 26, 2023 EPSS Score
Dec 29, 2023 EPSS Score
Jan 31, 2024 EPSS Score
Mar 4, 2024 EPSS Score
Apr 7, 2024 EPSS Score
May 10, 2024 EPSS Score
Jun 12, 2024 EPSS Score

References

https://github.com/ckolivas/lrzip/issues/246 url
https://github.com/huanglei3/lrzip_poc/tree/main/lrzip_heap_overflow url
https://gist.github.com/huanglei3/ec9090096aa92445cf0a8baa8e929084 url
https://nvd.nist.gov/vuln/detail/CVE-2023-39741 advisory

Open in Interactive Console →