Vulnerabilities > CVE-2018-11496 - Use After Free vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

long-range-zip-project

debian

CWE-416

NVD

Published: 2018-05-26

Updated: 2022-10-06

Summary

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.

Vulnerable Configurations

Part	Description	Count
Application	Long_Range_Zip_Project Long Range ZIP Project Long Range ZIP 0.631	1
OS	Debian Debian Debian Linux 9.0	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://github.com/ckolivas/lrzip/issues/96
https://lists.debian.org/debian-lts-announce/2021/08/msg00001.html