CVE-2021-27347

Name

CVE-2021-27347

Description

Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
MISC	https://github.com/ckolivas/lrzip/issues/165
MLIST	https://lists.debian.org/debian-lts-announce/2022/04/msg00012.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:irzip_project:irzip:0.631:::::::*`	irzip	== None	== 0.631
`cpe:2.3:a:long_range_zip_project:long_range_zip:0.631:::::::*`	long_range_zip	== None	== 0.631

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
lrzip	edge-community	0.640-r0	Roberto Oliveira <robertoguimaraes8@gmail.com>	fixed
lrzip	3.22-community	0.640-r0	None	fixed
lrzip	3.21-community	0.640-r0	None	fixed
lrzip	3.20-community	0.640-r0	None	fixed
lrzip	3.19-community	0.640-r0	None	fixed
lrzip	3.18-community	0.640-r0	None	fixed
lrzip	3.17-community	0.640-r0	None	fixed