CVE-2017-8364

HIGH

rzip 2.1 - Heap-Based Buffer Overflow in read_buf Function

Title source: llm
STIX 2.1

Description

The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.

References (2)

Core 2
Core References
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/04/msg00022.html

Scores

CVSS v3 7.8
EPSS 0.0171
EPSS Percentile 74.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
rzip_project/rzip 2.1
Published Apr 30, 2017
Tracked Since Feb 18, 2026