ckolivas lrzip strtol_l.c __GI_____strtol_l_internal null pointer dereference_CVE-2025-9396

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited.

Basic Information

ID CVE-2025-9396

Source VulDB

Published Aug 24, 2025 at 22:32

Affected Product

Vendor ckolivas

Product lrzip

Version 0.651

Affected Versions ckolivas lrzip 0.651

CWE Classification

CWE-476 CWE-404

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited.",
    "published": "2025-08-24T22:32:07.835Z",
    "modified": "2025-08-24T22:32:07.835Z",
    "type": "cve",
    "title": "ckolivas lrzip strtol_l.c __GI_____strtol_l_internal null pointer dereference",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.321232\nhttps://vuldb.com/?ctiid.321232\nhttps://vuldb.com/?submit.632368\nhttps://github.com/ckolivas/lrzip/issues/264\nhttps://drive.google.com/file/d/1EFbiiM1d7Ozb0ucZt6zRO3ngU8ugUnCn/view?usp=sharing",
    "id": "CVE-2025-9396",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476",
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "ckolivas lrzip 0.651",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "lrzip",
    "version": "0.651",
    "vendor": "ckolivas",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

ckolivas lrzip strtol_l.c GI___strtol_l_internal null pointer dereference_CVE-2025-9396