Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2022-33067

Published: Jun 23, 2022 | Modified: Jun 30, 2022
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2022-33067
CWEhttps://cwe.mitre.org/data/definitions/.html

Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via unspecified vectors.

Affected Software

Name Vendor Start Version End Version
Long_range_zip Long_range_zip_project 0.651 (including) 0.651 (including)
Lrzip Ubuntu bionic *
Lrzip Ubuntu impish *
Lrzip Ubuntu kinetic *
Lrzip Ubuntu lunar *
Lrzip Ubuntu mantic *
Zpaq Ubuntu bionic *
Zpaq Ubuntu impish *
Zpaq Ubuntu kinetic *
Zpaq Ubuntu lunar *
Zpaq Ubuntu mantic *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use