
CVE-2014-4607

Published: 26 Jun 2014
Source: redhat
CVSS2: 5.1

Description

Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.

An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, potentially, execute arbitrary code.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | busybox | Will not fix | | |
| Red Hat Enterprise Linux 5 | dump | Will not fix | | |
| Red Hat Enterprise Linux 5 | gnutls | Not affected | | |
| Red Hat Enterprise Linux 6 | busybox | Will not fix | | |
| Red Hat Enterprise Linux 6 | dump | Will not fix | | |
| Red Hat Enterprise Linux 6 | kdenetwork | Under investigation | | |
| Red Hat Enterprise Linux 7 | dump | Will not fix | | |
| Red Hat Enterprise Linux 7 | grub2 | Under investigation | | |
| Red Hat Enterprise Linux 7 | kdenetwork | Under investigation | | |
| Red Hat Enterprise Linux 6 | lzo | Fixed | RHSA-2014:0861 | 09.07.2014 |


Additional information

Status: Moderate
Defect: CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1112418 (lzo: lzo1x_decompress_safe() integer overflow)

CVSS2: 5.1 Medium

Related vulnerabilities

CVSS3: 8.8
ubuntu
more than 5 years ago

Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.

CVSS3: 8.8
nvd
more than 5 years ago

Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.

msrc
2 months ago

Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.

CVSS3: 8.8
debian
more than 5 years ago

Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and ...

github
more than 3 years ago

Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.
