Описание
ELSA-2021-2575: lz4 security update (MODERATE)
[1.8.3-3]
- Fix memory corruption due to an integer overflow _ Resolves: CVE-2021-3520
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
lz4
1.8.3-3.el8_4
lz4-devel
1.8.3-3.el8_4
lz4-libs
1.8.3-3.el8_4
Oracle Linux x86_64
lz4
1.8.3-3.el8_4
lz4-devel
1.8.3-3.el8_4
lz4-libs
1.8.3-3.el8_4
Связанные CVE
Связанные уязвимости
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
There's a flaw in lz4. An attacker who submits a crafted file to an ap ...
