FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lrzsz -- Integer overflow in zmodem, crash and information leak

Affected packages
lrzsz < 0.12.20_7

Details

VuXML ID adffe51e-9df5-11ef-a660-d85ed309193e
Discovery 2018-04-26
Entry 2024-11-08

cve@mitre.org reports:

Lrzsz has an integer overflow vulernability in the src/zm.c:zsdata() function. An attacker could exploit this with the sz command to cause a crash or potentially leak information to the receiving server.

[source]

References

CVE Name CVE-2018-10195
URL https://nvd.nist.gov/vuln/detail/CVE-2018-10195

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.