CVE-2017-8364

Published: 30 April 2017

The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.

Note that "remote" here means attacker-supplied input, not a network service: the overflow is triggered when rzip decompresses a crafted archive, so the exposure is any user or automated pipeline that runs rzip on untrusted files.

From the Ubuntu security team

Agostino Sarubbo discovered that rzip has a heap-based buffer overflow vulnerability. An attacker could use this issue to cause a DoS or possibly execute arbitrary code.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package  Release                           Status
rzip     (Launchpad, Ubuntu, Debian)
         Upstream                          Released (2.1-4.1, 2.1-1+deb7u1)
         Ubuntu 18.04 LTS (Bionic Beaver)  Not vulnerable (2.1-4.1)
         Ubuntu 16.04 ESM (Xenial Xerus)   Released (2.1-2ubuntu0.14.04.1)
         Ubuntu 14.04 ESM (Trusty Tahr)    Does not exist (trusty was released [2.1-2ubuntu0.14.04.1])
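To check whether an installed rzip carries the fix, the installed version must be compared against the fixed version for the release using Debian's own version-ordering rules (epoch, then upstream version, then Debian revision, with `~` sorting before everything and digit runs compared numerically), since a plain string comparison gets cases like `2.1-2` versus `2.1-2ubuntu0.14.04.1` wrong. The following is an added example, not code from the Ubuntu CVE tracker or from rzip; it is a Python port of dpkg's version comparison, the fixed-version table is taken from the status table above, and the `dpkg-query` output line it parses is constructed here for illustration.

```python
"""Check an installed rzip version against the CVE-2017-8364 fixed versions.

Added example; not part of the Ubuntu CVE tracker page or the rzip project.
The comparison follows dpkg's algorithm (see deb-version(7)).
"""

# Fixed versions as listed in the status table on this page (the xenial entry
# is reproduced exactly as the page prints it).
FIXED_VERSIONS = {
    "bionic": "2.1-4.1",
    "xenial": "2.1-2ubuntu0.14.04.1",
    "trusty": "2.1-2ubuntu0.14.04.1",
}

_DIGITS = "0123456789"
_LETTERS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"


def _order(c: str) -> int:
    """dpkg's character weight: digits/end 0, letters by code, '~' before all."""
    if c == "" or c in _DIGITS:
        return 0
    if c in _LETTERS:
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare two version fragments (upstream part or revision) dpkg-style."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character by character using _order().
        while (i < len(a) and a[i] not in _DIGITS) or (j < len(b) and b[j] not in _DIGITS):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros, then the longer run wins, else first differing digit.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i] in _DIGITS and j < len(b) and b[j] in _DIGITS:
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in _DIGITS:
            return 1
        if j < len(b) and b[j] in _DIGITS:
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v: str):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    if "-" in v:
        upstream, revision = v.rsplit("-", 1)
    else:
        upstream, revision = v, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as Debian version a is <, == or > version b."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return 1 if ea > eb else -1
    r = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)


def installed_version(dpkg_query_line: str) -> str:
    """Parse one line of `dpkg-query -W -f='${Package}\\t${Version}\\n' rzip`."""
    package, version = dpkg_query_line.strip().split("\t", 1)
    if package != "rzip":
        raise ValueError("expected an rzip line, got %r" % package)
    return version


def is_fixed(release: str, version: str) -> bool:
    """True if the installed version is at or above the fixed version for the release."""
    return compare_versions(version, FIXED_VERSIONS[release]) >= 0


if __name__ == "__main__":
    # Constructed sample of dpkg-query output for an unpatched xenial system.
    sample = "rzip\t2.1-2\n"
    print("fixed on xenial:", is_fixed("xenial", installed_version(sample)))
```

On a live system replace the constructed `sample` with the real output of `dpkg-query -W -f='${Package}\t${Version}\n' rzip`; a "Does not exist" release such as trusty has no package to check, so the table only carries the versions the page lists.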