GHSA-4wp2-8rm2-jgmh

Опубликовано: 28 дек. 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

LZ4 vulnerable to Out-of-bounds Write

LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.

Ссылки

Пакеты

Наименование

github.com/cloudflare/golz4

Затронутые версииВерсия исправления

< 0.0.0-20140711154735-199f5f787806

0.0.0-20140711154735-199f5f787806

EPSS

Процентиль: 75%

0.00874

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2014-125026

Дефекты

CWE-787

Связанные уязвимости

CVE-2014-125026

CVSS3: 9.8

redhat

около 3 лет назад

LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.

CVE-2014-125026

CVSS3: 9.8

nvd

около 3 лет назад

LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.

EPSS

Процентиль: 75%

0.00874

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2014-125026

Дефекты

CWE-787