Key Information: Vulnerability Type: Memory Leak Affected Function: fill_buffer() Related Project: lrzip Reporter: Clingto Report Date: May 19, 2021 Closed Date: February 27, 2022 CVE ID: CVE-2021-33451 System Environment: - Ubuntu 16.04.6 LTS - X64 - gcc 5.4.0 - lrzip latest branch version (commit ID: 465afe8) Compilation Commands: Execution Command: Proof of Concept File: - https://github.com/Clingto/POC/blob/master/MSA/lrzip/lrzip-561-fill_buffer-memory-leak Memory Leak Details: ASAN Detection Results: - Direct leak of 24 byte(s) in 1 object(s) allocated from: - fill_buffer() - read_stream() - Direct leak of 48 byte(s) in 2 object(s) allocated from: - fill_buffer() - read_stream()