CVE-2018-10195

Summary

CVE	CVE-2018-10195
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-06-02 14:15:00 UTC
Updated	2022-02-21 04:59:00 UTC
Description	lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.

Risk And Classification

Problem Types: CWE-190

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	9.0	All	All	All
Application	Lrzsz Project	Lrzsz	All	All	All	All
Application	Suse	Linux Enterprise Debuginfo	11	sp4	All	All
Operating System	Suse	Linux Enterprise Desktop	12	sp3	All	All
Operating System	Suse	Linux Enterprise Server	11	sp4	All	All
Operating System	Suse	Linux Enterprise Server	12	sp3	All	All

References

Reference	Source	Link	Tags
SUSE-SU-2018:1066-1: moderate: Security update for rzsz	MISC	lists.suse.com
1572058 – (CVE-2018-10195) CVE-2018-10195 lrzsz: Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak information to receiver	MISC	bugzilla.redhat.com
SUSE-SU-2018:1070-1: moderate: Security update for rzsz	MISC	lists.suse.com
[SECURITY] [DLA 2900-1] lrzsz security update	MLIST	lists.debian.org
lrzsz	MISC	www.ohse.de
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

179038 Debian Security Update for lrzsz (DLA 2900-1)
901121 Common Base Linux Mariner (CBL-Mariner) Security Update for lrzsz (7285)