CVE-2026-34743
MEDIUM5.3EPSS 0.06%發布日:2026/4/2修改日:2026/4/29
也稱為:ALPINE-CVE-2026-34743
描述
XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.
受影響套件(2)
- Alpine/xzfrom 0, < 5.8.3-r0
- Debian/xz-utilsfrom 0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |