PT-2014-6020 · Lzo+5 · Liblzo2+6

Don A. Bailey · Published 2014-07-08 · Updated 2024-06-15 · CVE-2014-4607

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

liblzo2 versions prior to 2.07
lzo-2 versions prior to 2.07

Description

The issue is related to an integer overflow in the LZO algorithm variant. This might allow remote attackers to execute arbitrary code via a crafted Literal Run. The estimated number of potentially affected devices is not specified.

Recommendations

For liblzo2 versions prior to 2.07, update to version 2.07 or later. For lzo-2 versions prior to 2.07, update to version 2.07 or later. As a temporary workaround, consider restricting access to the LZO algorithm variant until a patch is available.

Exploit

Fix

RCE

Integer Overflow

Weakness Enumeration

Related identifiers

ALT-PU-2014-1929
AZL-40776
CESA-2014_0861
CVE-2014-4607
DLA-1445-1
DLA-2559-1
DLA-35-1
DSA-2995-1
MGASA-2014-0290
MGASA-2014-0351
MGASA-2014-0352
MGASA-2014-0355
MGASA-2014-0356
MGASA-2014-0357
MGASA-2014-0358
MGASA-2014-0359
MGASA-2014-0360
MGASA-2014-0361
MGASA-2014-0362
MGASA-2014-0363
MGASA-2014-0378
MGASA-2014-0432
OPENSUSE-SU-2024:10342-1
OPENSUSE-SU-2024:10854-1
OPENSUSE-SU-2024:11089-1
RHSA-2014:0861
RHSA-2014_0861
SUSE-SU-2014_0904-1
SUSE-SU-2014_0955-1
USN-2300-1

Affected products

Alt Linux
Centos
Red Hat
Suse
Ubuntu
Liblzo2
Lzo-2