CVE-2022-33067

Description

Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via unspecified vectors.

References

ExploitIssue TrackingPatchThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity

MEDIUM

ConfidentialityImpact

NONE

AvailabilityImpact

PARTIAL

IntegrityImpact

NONE

BaseScore

4.300000190734863

VectorString

AV:N/AC:M/Au:N/C:N/I:N/A:P

Version

2.0

AccessVector

NETWORK

Authentication

NONE