First Last Prev Next    This bug is not in your last search results.
Bug 1045990 - (CVE-2017-9928) VUL-0: CVE-2017-9928: lrzip: Stack buffer overflow in get_fileinfoin lrzip.c:979, allows attackers to cause DoS
(CVE-2017-9928)
VUL-0: CVE-2017-9928: lrzip: Stack buffer overflow in get_fileinfoin lrzip.c:...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/187306/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-26 14:09 UTC by Johannes Segitz
Modified: 2020-08-19 13:57 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Reproducer (109 bytes, application/octet-stream)
2017-06-26 14:09 UTC, Johannes Segitz 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2017-06-26 14:09:56 UTC 
Created attachment 730219 [details]
Reproducer

CVE-2017-9928

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo
in lrzip.c:979, which allows attackers to cause a denial of service via a
crafted file.

Martin, last change was done by you. If you don't want to take it please needinfo us. Thanks.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9928
https://github.com/ckolivas/lrzip/issues/74
http://somevulnsofadlab.blogspot.com/2017/06/lrzipstack-buffer-overflow-in.html
Comment 1 Wolfgang Frisch 2020-08-19 13:57:08 UTC 
lrzip is not part of any (open)SUSE distribution anymore.
First Last Prev Next    This bug is not in your last search results.