lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.
| Software | From | Fixed in |
|---|---|---|
| debian / debian_linux | 9.0 | 9.0.x |
| suse / linux_enterprise_desktop | 12-sp3 | 12-sp3.x |
| suse / linux_enterprise_server | 11-sp4 | 11-sp4.x |
| suse / linux_enterprise_server | 12-sp3 | 12-sp3.x |
| suse / linux_enterprise_debuginfo | 11-sp4 | 11-sp4.x |
| lrzsz_project / lrzsz | - | 0.12.20.x |