CVE-2018-10195

lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
lrzsz_projectlrzsz
𝑥
≤ 0.12.20
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
lrzsz
bookworm
0.12.21-10
fixed
bullseye
0.12.21-10
fixed
jessie
no-dsa
wheezy
no-dsa
sid
0.12.21rc-0.1
fixed
trixie
0.12.21rc-0.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lrzsz
cosmic
not-affected
bionic
Fixed 0.12.21-10~build0.18.04.1
released
artful
ignored
xenial
Fixed 0.12.21-10~build0.16.04.1
released
trusty
Fixed 0.12.21-10~build0.14.04.1
released
Common Weakness Enumeration
References
http://www.ohse.de/uwe/software/lrzsz.html
https://bugzilla.redhat.com/show_bug.cgi?id=1572058
https://lists.debian.org/debian-lts-announce/2022/01/msg00027.html
https://lists.suse.com/pipermail/sle-security-updates/2018-April/003955.html?_ga=2.81625751.1026327980.1622040648-1950393542.1547130931
https://lists.suse.com/pipermail/sle-security-updates/2018-April/003956.html?_ga=2.81625751.1026327980.1622040648-1950393542.1547130931
http://www.ohse.de/uwe/software/lrzsz.html
https://bugzilla.redhat.com/show_bug.cgi?id=1572058
https://lists.debian.org/debian-lts-announce/2022/01/msg00027.html
https://lists.suse.com/pipermail/sle-security-updates/2018-April/003955.html?_ga=2.81625751.1026327980.1622040648-1950393542.1547130931
https://lists.suse.com/pipermail/sle-security-updates/2018-April/003956.html?_ga=2.81625751.1026327980.1622040648-1950393542.1547130931