lrzsz buffer overflow
Bug #1719953 reported by Felipe Gasper
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lrzsz (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
There’s a buffer overflow bug in lrzsz’s zsdata() function: if the length of the data to be sent is 0, then we spit out roughly 55,000 bytes.
This can be triggered by sending the abort sequence (0x18 0x18 0x18 0x18 0x18 0x08 0x08 0x08 0x08 0x08) to sz while sz is sending a file.
There’s a patch here: https:/
Where is the canonical repo for lrzsz now? Uwe Ohse doesn’t seem to maintain it actively anymore.
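The failure mode in the bug description, modelled as an added example (not code from lrzsz or from the linked patch). It assumes the send loop tests an unsigned length only after the first byte has gone out, so a length of 0 wraps instead of ending the loop; the function names, the `memory` array and the `limit` guard are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for process memory: the first 4 bytes are the
 * caller's data, the rest stands for whatever happens to follow it. */
static unsigned char memory[64] = "DATAsecret-bytes-after-the-buffer";

/* Hypothetical sender with a post-tested loop on an unsigned length.
 * `limit` only keeps this demo inside `memory`; a real sender has no
 * such stop and keeps reading past the caller's buffer. */
size_t send_post_test(const unsigned char *buf, size_t length,
                      unsigned char *out, size_t limit)
{
    size_t sent = 0;
    do {
        if (sent == limit)
            break;                      /* demo guard only */
        out[sent++] = *buf++;           /* runs once even when length == 0 */
    } while (--length > 0);             /* 0 - 1 wraps to SIZE_MAX */
    return sent;
}

/* Hardened form: check the length before touching the buffer. */
size_t send_pre_test(const unsigned char *buf, size_t length,
                     unsigned char *out, size_t limit)
{
    size_t sent = 0;
    for (; length > 0 && sent < limit; length--)
        out[sent++] = *buf++;
    return sent;
}

int main(void)
{
    unsigned char out[sizeof memory];
    printf("post-test, length 4: %zu bytes\n",
           send_post_test(memory, 4, out, sizeof out));
    printf("post-test, length 0: %zu bytes\n",
           send_post_test(memory, 0, out, sizeof out));
    printf("pre-test,  length 0: %zu bytes\n",
           send_pre_test(memory, 0, out, sizeof out));
    return 0;
}
```

Building a sender like this with `-fsanitize=address` and feeding it a zero-length frame in a test is a quick way to catch the over-read before release.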
CVE References
This issue has been assigned CVE-2017-10195 and has been resolved in the following Ubuntu releases:
trusty: 0.12.21-10~build0.14.04.1
xenial: 0.12.21-10~build0.16.04.1
bionic: 0.12.21-10~build0.18.04.1
cosmic: 0.12.21-10