CVE-2017-8845

Metadata

medium
4.3
lzo2
CVE-2017-8845
cve.mitre.org, blogs.gentoo.org, github.com
2017-05-08
2017-10-23 14:27
CVE-2017-8845 lrzip
CVE-2017-8845 lzo2
2017-10-17 20:45
2017-08-01 15:04
2017-07-20 21:33
2017-06-16 19:23
2017-06-15 17:13
2017-06-12 19:03
2017-05-11 02:04

Description

The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
artful lzo2 None
devel lzo2 None
precise/esm lzo2 None
trusty lzo2 None
upstream lzo2 None
xenial lzo2 None
zesty lzo2 None

Unaffected

Release Package Reason
vivid/stable-phone-overlay lzo2 ignored
vivid/ubuntu-core lzo2 ignored
yakkety lzo2 ignored