REDHAT-BUG-2234987: Low severity tukaani xz vulnerability
Published Aug 25, 2023
An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file.
References:
https://tukaani.org/xz/
https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability
Affected Software
1 affected component
Tukaani XZ
Event History
Aug 25, 2023, 08:58 PM: Data Sourced
Frequently Asked Questions
1. What is the severity of REDHAT-BUG-2234987?
REDHAT-BUG-2234987 is classified as a denial of service vulnerability in XZ 5.2.5.
2. How does REDHAT-BUG-2234987 affect users?
Users of XZ 5.2.5 can experience denial of service when attempting to decompress crafted files.
3. How do I fix REDHAT-BUG-2234987?
To address REDHAT-BUG-2234987, users should update to a patched version of the XZ software as soon as it is available.
4. What software versions are impacted by REDHAT-BUG-2234987?
REDHAT-BUG-2234987 specifically affects XZ version 5.2.5.
5. Is there a workaround for REDHAT-BUG-2234987 until a fix is available?
Currently, there are no known workarounds for REDHAT-BUG-2234987; users should avoid processing untrusted files.