CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability

hi,

I found a denial of service vulnerability in XZ 5.2.5, and it both work on Windows and linux.When the xz decompress a designed file from hacker,it could cause endless output,and leading to denial of service.

Here is the step of POC:

Windows version

use xz.exe -c -d payload ,you can see endless output like this:

use xz.exe -c -d payload > result to save the output leading denial of service.

Linux version

use ./bin/unxz -c payload or ./bin/unxz -c payload you can see endless output like this:

use ./bin/unxz -c payload > result or ./bin/unxz -c payload > result to save the output leading denial of service.

payload hash

md5 : 87e02b7762ced66fc8efd2d607d31e07

sha256 : fa8920eb80bc90aea829260ec2606c8bd6de03f5aaeea4160fcbc3935ffd1888

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
img		img
README.md		README.md
payload		payload

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

img

img

README.md

README.md

payload

payload

Repository files navigation

CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability

Windows version

Linux version

payload hash

About

Releases

Packages

snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability

Folders and files

Latest commit

History

Repository files navigation

CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability

Windows version

Linux version

payload hash

About

Resources

Stars

Watchers

Forks