CVE-2025-9396

A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited.

CVSS v3 3.3 LOW
CVSS v2.0 1.7 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://drive.google.com/file/d/1EFbiiM1d7Ozb0ucZt6zRO3ngU8ugUnCn/view?usp=sharing
https://github.com/ckolivas/lrzip/issues/264
https://vuldb.com/?ctiid.321232
https://vuldb.com/?id.321232
https://vuldb.com/?submit.632368
https://github.com/ckolivas/lrzip/issues/264
https://vuldb.com/?submit.632368

Configurations

No configuration.

History

25 Aug 2025, 20:24

Type	Values Removed	Values Added
Summary		(es) Se ha descubierto una falla de seguridad en ckolivas lrzip hasta la versión 0.651. Esta afecta a la función __GI_____strtol_l_internal del archivo strtol_l.c. La manipulación provoca la desreferenciación de puntero nulo. El ataque solo es posible con acceso local. Se ha hecho público el exploit y puede que sea utilizado.
References	~~() https://github.com/ckolivas/lrzip/issues/264 -~~	() https://github.com/ckolivas/lrzip/issues/264 -
References	~~() https://vuldb.com/?submit.632368 -~~	() https://vuldb.com/?submit.632368 -

24 Aug 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-24 23:15

Updated : 2025-08-25 20:24

NVD link : CVE-2025-9396

Mitre link : CVE-2025-9396

CVE.ORG link : CVE-2025-9396

JSON object : View

Products Affected

No product.

CWE

CWE-404

Improper Resource Shutdown or Release

CWE-476

NULL Pointer Dereference

{"id": "CVE-2025-9396", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 1.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-24T23:15:36.327", "references": [{"url": "https://drive.google.com/file/d/1EFbiiM1d7Ozb0ucZt6zRO3ngU8ugUnCn/view?usp=sharing", "source": "cna@vuldb.com"}, {"url": "https://github.com/ckolivas/lrzip/issues/264", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.321232", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.321232", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.632368", "source": "cna@vuldb.com"}, {"url": "https://github.com/ckolivas/lrzip/issues/264", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://vuldb.com/?submit.632368", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-404"}, {"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited."}, {"lang": "es", "value": "Se ha descubierto una falla de seguridad en ckolivas lrzip hasta la versi\u00f3n 0.651. Esta afecta a la funci\u00f3n __GI_____strtol_l_internal del archivo strtol_l.c. La manipulaci\u00f3n provoca la desreferenciaci\u00f3n de puntero nulo. El ataque solo es posible con acceso local. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."}], "lastModified": "2025-08-25T20:24:45.327", "sourceIdentifier": "cna@vuldb.com"}