Description
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to a call to memmove() with a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
| Release | Status | Note |
|---|---|---|
| bionic | released | 0.0~r131-2ubuntu3.1 |
| devel | not-affected | 1.9.3-2 |
| esm-infra-legacy/trusty | released | 0.0~r114-2ubuntu1+esm2 |
| esm-infra/bionic | released | 0.0~r131-2ubuntu3.1 |
| esm-infra/focal | released | 1.9.2-2ubuntu0.20.04.1 |
| esm-infra/xenial | released | 0.0~r131-2ubuntu2+esm1 |
| focal | released | 1.9.2-2ubuntu0.20.04.1 |
| groovy | released | 1.9.2-2ubuntu0.20.10.1 |
| hirsute | released | 1.9.3-1ubuntu0.1 |
| impish | not-affected | 1.9.3-2 |
CVSS2: 7.5 High
CVSS3: 9.8 Critical