Vulnerability Details CVE-2018-10195
lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.2%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 3.6
References
- http://www.ohse.de/uwe/software/lrzsz.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1572058
- https://lists.debian.org/debian-lts-announce/2022/01/msg00027.html
- https://lists.suse.com/pipermail/sle-security-updates/2018-April/003955.html?_ga=2.81625751.1026327980.1622040648-1950393542.1547130931
- https://lists.suse.com/pipermail/sle-security-updates/2018-April/003956.html?_ga=2.81625751.1026327980.1622040648-1950393542.1547130931
- http://www.ohse.de/uwe/software/lrzsz.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1572058
- https://lists.debian.org/debian-lts-announce/2022/01/msg00027.html
- https://lists.suse.com/pipermail/sle-security-updates/2018-April/003955.html?_ga=2.81625751.1026327980.1622040648-1950393542.1547130931
- https://lists.suse.com/pipermail/sle-security-updates/2018-April/003956.html?_ga=2.81625751.1026327980.1622040648-1950393542.1547130931
Products affected by CVE-2018-10195
-
cpe:2.3:a:lrzsz_project:lrzsz:0.12.10
-
cpe:2.3:a:lrzsz_project:lrzsz:0.12.11
-
cpe:2.3:a:lrzsz_project:lrzsz:0.12.12
-
cpe:2.3:a:lrzsz_project:lrzsz:0.12.13
-
cpe:2.3:a:lrzsz_project:lrzsz:0.12.14
-
cpe:2.3:a:lrzsz_project:lrzsz:0.12.15
-
cpe:2.3:a:lrzsz_project:lrzsz:0.12.16
-
cpe:2.3:a:lrzsz_project:lrzsz:0.12.17
-
cpe:2.3:a:lrzsz_project:lrzsz:0.12.18
-
cpe:2.3:a:lrzsz_project:lrzsz:0.12.19
-
cpe:2.3:a:lrzsz_project:lrzsz:0.12.20
-
cpe:2.3:a:lrzsz_project:lrzsz:0.12.8
-
cpe:2.3:a:lrzsz_project:lrzsz:0.12.9
-
cpe:2.3:a:suse:linux_enterprise_debuginfo:11
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:suse:linux_enterprise_desktop:12
-
cpe:2.3:o:suse:linux_enterprise_server:11
-
cpe:2.3:o:suse:linux_enterprise_server:12