CVE-2022-28044

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-28044
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28044.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-28044
Downstream
Published
2022-04-15T14:15:07Z
Modified
2025-10-21T07:00:21.863735Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.

References

Affected packages

Git / github.com/ckolivas/lrzip

Affected ranges

Type
GIT
Repo
https://github.com/ckolivas/lrzip
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5faf80cd53ecfd16b636d653483144cd12004f46

Affected versions

v0.*

v0.45
v0.46
v0.47
v0.5
v0.5.1
v0.5.2
v0.520
v0.530
v0.540
v0.541
v0.542
v0.543
v0.544
v0.550
v0.551
v0.552
v0.560
v0.570
v0.571
v0.600
v0.601
v0.602
v0.603
v0.604
v0.605
v0.606
v0.607
v0.608
v0.610
v0.611
v0.612
v0.613
v0.614
v0.615
v0.616
v0.620
v0.621
v0.630
v0.631
v0.640
v0.641

Database specific

vanir_signatures

[
    {
        "id": "CVE-2022-28044-02a575bb",
        "source": "https://github.com/ckolivas/lrzip/commit/5faf80cd53ecfd16b636d653483144cd12004f46",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "initialise_control",
            "file": "lrzip.c"
        },
        "digest": {
            "function_hash": "120048619747224409916841126767272423200",
            "length": 1566.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2022-28044-0e2298fd",
        "source": "https://github.com/ckolivas/lrzip/commit/5faf80cd53ecfd16b636d653483144cd12004f46",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "lrzip.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "32634138615718809964073267684721307603",
                "333115761268172430863105423186445599314",
                "282639360963176870613674811544082100536",
                "33453472139807350500083824286263070894"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2022-28044-0f96b237",
        "source": "https://github.com/ckolivas/lrzip/commit/5faf80cd53ecfd16b636d653483144cd12004f46",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "main.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "5077610801880557088080381726860767758",
                "337784186053025208768889595787438886142",
                "161444481033092378204180813182909534901",
                "148188151204422471616059364413063341896",
                "110482256496147789852872728738598464162",
                "58876312583648958315126660211030886150",
                "60156686757340159650042981101271527763",
                "54407390705087063506082963213712324866"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2022-28044-b72392ef",
        "source": "https://github.com/ckolivas/lrzip/commit/5faf80cd53ecfd16b636d653483144cd12004f46",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "main",
            "file": "main.c"
        },
        "digest": {
            "function_hash": "299357695356841408367873967738251196859",
            "length": 10610.0
        },
        "signature_type": "Function"
    }
]