CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-8845

The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.6%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 4.3

References

https://blogs.gentoo.org/ago/2017/05/07/lrzip-invalid-memory-read-in-lzo_decompress_buf-stream-c/
https://github.com/ckolivas/lrzip/issues/68
https://security.gentoo.org/glsa/202005-01
https://blogs.gentoo.org/ago/2017/05/07/lrzip-invalid-memory-read-in-lzo_decompress_buf-stream-c/
https://github.com/ckolivas/lrzip/issues/68
https://security.gentoo.org/glsa/202005-01

Products affected by CVE-2017-8845

Long Range Zip Project » Long Range Zip » Version: 0.631

cpe:2.3:a:long_range_zip_project:long_range_zip:0.631

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-8845

Products

Pricing

Contact Us