Description
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| lz4-java | unfixed | | | package |
| lz4-java | no-dsa | | trixie | package |
| lz4-java | no-dsa | | bookworm | package |
| lz4-java | no-dsa | | bullseye | package |
Notes
https://www.openwall.com/lists/oss-security/2025/12/01/5
Releases 1.8.1, 1.9.0, and 1.10.0 of yawkat LZ4 Java contain multiple sparsely
documented patches to address this CVE.
Related vulnerabilities
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.
LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS
Vulnerability in the LZ4_decompress_fast() function of the lz4-java data compression library that allows an attacker to cause a denial of service and disclose protected information