 |
Thank you for the report, and welcome to the community! This vulnerability has been marked as "disputed" - which means, there is insufficient evidence to show that this vulnerability really exists. The upstream project has confirmed this as well. https://github.com/tukaani-project/xz/issues/61#issuecomment-1723915860 https://secalerts.co/vulnerability/CVE-2020-22916 Attempting to exploit this vulnerability does not lead to the results as reported. [root@xmpp01 tmp]# unxz -c payload Bz xz xIIIIIIIIIIIZunxz: payload: Compressed data is corrupt Was this CVE reported by some sort of security/vulnerability scanner? If so, which scanner software was used? |
 |
To answer the question on used scanner software: no, I did not use a specific scanner for this. I just happened to look at xz version and I was previously aware of the vulnerability report for it, was not aware that being disputed made it ok. I must be a little too cautious here. Sorry for the noise. BTW, I did not find a way to add a note else than using the "Request Feedback on Issue" field. |
|
|
Sorry again, after refreshing the page the 'add note' field popped up. |
- Anonymous
