CVE-2014-125026

Опубликовано: 27 дек. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.

Ссылки

https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898
Patch
Third Party Advisory
https://github.com/cloudflare/golz4/issues/5
Issue Tracking
Patch
Third Party Advisory
https://pkg.go.dev/vuln/GO-2020-0022
Patch
Vendor Advisory
https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898
Patch
Third Party Advisory
https://github.com/cloudflare/golz4/issues/5
Issue Tracking
Patch
Third Party Advisory
https://pkg.go.dev/vuln/GO-2020-0022
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cloudflare:golz4:*:*:*:*:*:go:*:*

Версия до 2014-07-11 (исключая)

EPSS

Процентиль: 75%

0.00874

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-787

Связанные уязвимости

CVE-2014-125026

CVSS3: 9.8

redhat

около 3 лет назад

LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.

GHSA-4wp2-8rm2-jgmh

CVSS3: 9.8

github

около 3 лет назад

LZ4 vulnerable to Out-of-bounds Write

EPSS

Процентиль: 75%

0.00874

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-787