CVE-2022-28044

9.8 CRITICAL

📋 TL;DR

CVE-2022-28044 is a heap memory corruption vulnerability in lrzip's initialise_control function that allows attackers to execute arbitrary code or cause denial of service. This affects systems running lrzip v0.640 for file compression/decompression operations. Users processing untrusted archives with lrzip are particularly vulnerable.

💻 Affected Systems

Products:
  • lrzip
Versions: Version 0.640 specifically
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Any system with lrzip v0.640 installed is vulnerable when processing archives.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the lrzip process, potentially leading to full system compromise.

🟠 Likely Case: Application crash (denial of service) when processing maliciously crafted archives.

🟢 If Mitigated: Limited to denial of service if proper sandboxing/privilege separation is implemented.

🌐 Internet-Facing: MEDIUM - Requires user to process malicious archives, but lrzip is often used for downloaded files.
🏢 Internal Only: MEDIUM - Internal users could exploit via malicious archives in shared storage or email attachments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available in GitHub issues. Exploitation requires user to process a malicious archive.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit 5faf80cd53ecfd16b636d653483144cd12004f46

Vendor Advisory: https://www.debian.org/security/2022/dsa-5145

Restart Required: No

Instructions:

1. Update the lrzip package using the system package manager.
2. For Debian/Ubuntu: sudo apt update && sudo apt upgrade lrzip
3. For source installs: git pull from the repository and rebuild.

🔧 Temporary Workarounds

Disable lrzip usage (platform: linux)

Remove or disable the lrzip binary to prevent exploitation:

sudo apt remove lrzip
sudo rm /usr/bin/lrzip

Restrict file processing (platform: all)

Implement strict file validation before lrzip processes archives.

🧯 If You Can't Patch

  • Implement strict access controls to limit who can run lrzip
  • Use containerization/sandboxing to isolate lrzip processes

🔍 How to Verify

Check if Vulnerable:

Check lrzip version: lrzip --version | grep 'lrzip version'

Check Version:

lrzip --version

Verify Fix Applied:

Verify version is newer than 0.640 or check for commit 5faf80cd53ecfd16b636d653483144cd12004f46 in source

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash logs from lrzip process
  • Unexpected memory access errors

Network Indicators:

  • Unusual outbound connections after lrzip execution

SIEM Query:

process_name='lrzip' AND (event_id='SIGSEGV' OR exit_code='139')
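The log indicators and SIEM query above, turned into host-side detection logic. This is an added example, not part of the advisory: it scans constructed dmesg/journal-style lines for an lrzip segfault report, a systemd-coredump record, or an exit status 139 (128 + SIGSEGV), and correlates the first two by PID; the line formats are assumptions modelled on the usual kernel and systemd message shapes.

```python
import re

# Constructed journal/dmesg-style sample lines (not real logs) covering the
# indicators listed above plus two benign lines that must not fire.
SAMPLE_LOG = [
    "kernel: lrzip[4242]: segfault at 7f3c10a0 ip 000055d1c3e0 sp 00007ffd error 4 in lrzip[55d1c3c000+2000]",
    "systemd-coredump[4250]: Process 4242 (lrzip) of user 1000 dumped core.",
    "cron[900]: job 'lrzip -d /tmp/sample.lrz' exited with status 139",
    "lrzip[4243]: Decompressing /tmp/archive.lrz",
    "kernel: bash[77]: segfault at 0 ip 00005555 sp 00007fff error 4 in bash[555555+1000]",
]

# Kernel segfault report naming the lrzip process (assumed message shape).
KERNEL_SEGV = re.compile(r"\blrzip\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+)")
# systemd-coredump record for an lrzip process (assumed message shape).
COREDUMP = re.compile(r"Process (?P<pid>\d+) \(lrzip\) of user (?P<uid>\d+) dumped core")
# A wrapper or scheduler reporting exit status 139 (128 + SIGSEGV) for an lrzip command.
EXIT_139 = re.compile(r"\blrzip\b.*\bexit(?:ed|_code| code| status)?(?: with)?(?: status| code)?[ =:]+139\b")


def lrzip_crash_events(lines):
    """Return one dict per line showing an lrzip crash (segfault, core dump,
    or exit status 139); lines about other processes or normal runs are skipped."""
    events = []
    for line in lines:
        m = KERNEL_SEGV.search(line)
        if m:
            events.append({"kind": "segfault", "pid": int(m.group("pid")), "line": line})
            continue
        m = COREDUMP.search(line)
        if m:
            events.append({"kind": "coredump", "pid": int(m.group("pid")), "line": line})
            continue
        if EXIT_139.search(line):
            events.append({"kind": "exit139", "pid": None, "line": line})
    return events


def crash_pids(lines):
    """PIDs seen both in a kernel segfault report and in a core-dump record,
    which ties the two indicators to one lrzip run worth pulling the core for."""
    seg = {e["pid"] for e in lrzip_crash_events(lines) if e["kind"] == "segfault"}
    core = {e["pid"] for e in lrzip_crash_events(lines) if e["kind"] == "coredump"}
    return sorted(seg & core)


if __name__ == "__main__":
    for e in lrzip_crash_events(SAMPLE_LOG):
        print(e["kind"], e["pid"], e["line"])
    print("correlated pids:", crash_pids(SAMPLE_LOG))
```

Feed it `journalctl -k` and `journalctl -u systemd-coredump` output from the hosts that run lrzip; a hit on an archive that arrived from outside is the trigger to quarantine that file and confirm the installed version.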
