CVE-2021-27345: 
Linux Debian vulnerability analysis and mitigation

A null pointer dereference vulnerability was discovered in ucompthread function within stream.c in Irzip 0.631. This vulnerability was assigned CVE-2021-27345 and was publicly disclosed on June 10, 2021. The vulnerability affects the Long Range ZIP (lrzip) compression software and its implementations (NVD, CVE).

The vulnerability is characterized by a null pointer dereference in the ucompthread function located in stream.c. It has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-476 (NULL Pointer Dereference) (NVD).

When exploited, this vulnerability allows attackers to cause a denial of service (DoS) condition via a crafted compressed file. The impact is primarily focused on system availability, with no direct effect on confidentiality or integrity (Ubuntu, Debian).

Multiple distributions have released patches to address this vulnerability. Debian released version 0.631-1+deb9u2 for Stretch, Ubuntu has fixed it in version 0.631+git180528-1+deb10u1build0.20.04.1 for focal release, and 0.631-1+deb9u3build0.18.04.1 for bionic release (Debian LTS, Ubuntu).