Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-22916

An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

Published

2023-08-22T19:16:19.407

Last Modified

2024-11-21T05:13:28.693

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tukaani	xz	5.2.5	Yes

References

http://web.archive.org/web/20230918084612/https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2234987 ([email protected])
https://bugzilla.suse.com/show_bug.cgi?id=1214590 ([email protected])
https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability Broken Link ([email protected])
https://github.com/tukaani-project/xz/issues/61 ([email protected])
https://security-tracker.debian.org/tracker/CVE-2020-22916 ([email protected])
https://tukaani.org/xz/ Product ([email protected])
http://web.archive.org/web/20230918084612/https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2234987 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.suse.com/show_bug.cgi?id=1214590 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tukaani-project/xz/issues/61 (af854a3a-2127-422b-91ae-364da2661108)
https://security-tracker.debian.org/tracker/CVE-2020-22916 (af854a3a-2127-422b-91ae-364da2661108)
https://tukaani.org/xz/ Product (af854a3a-2127-422b-91ae-364da2661108)