Vulnerabilities > CVE-2018-5650 - Infinite Loop vulnerability in Long Range ZIP Project Long Range ZIP 0.631

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

long-range-zip-project

CWE-835

NVD

Published: 2018-01-12

Updated: 2021-08-02

Summary

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

Vulnerable Configurations

Part	Description	Count
Application	Long_Range_Zip_Project Long Range ZIP Project Long Range ZIP 0.631	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://github.com/ckolivas/lrzip/issues/88
https://lists.debian.org/debian-lts-announce/2021/08/msg00001.html