Vulnerability CVE-2021-27345

Vulnerability CVE-2021-27345

Published: 2021-06-10

Description:

A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file.

Type:

CWE-476

(NULL Pointer Dereference)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
None	None	Partial

Affected software
Irzip project -> Irzip

References:

https://github.com/ckolivas/lrzip/issues/164

Copyright 2024, cxsecurity.com