Description
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to a call to memmove() with a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
Statement
This flaw is out of support scope for Red Hat Enterprise Linux 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | lz4 | Not affected | ||
| Red Hat build of Quarkus | lz4 | Affected | ||
| Red Hat Enterprise Linux 7 | lz4 | Out of support scope | ||
| Red Hat Enterprise Linux 9 | lz4 | Not affected | ||
| Red Hat Fuse 7 | lz4 | Fix deferred | ||
| Red Hat JBoss Fuse 6 | lz4 | Out of support scope | ||
| Red Hat AMQ Streams 2.1.0 | lz4 | Fixed | RHSA-2022:1345 | 13.04.2022 |
| Red Hat AMQ Streams 2.7.0 | | Fixed | RHSA-2024:3527 | 30.05.2024 |
| Red Hat Enterprise Linux 8 | lz4 | Fixed | RHSA-2021:2575 | 29.06.2021 |
| Red Hat Migration Toolkit for Containers 1.4 | rhmtc/openshift-migration-controller-rhel8 | Fixed | RHBA-2021:2854 | 21.07.2021 |
Additional information
CVSS3: 8.6 High