PT-2014-6021 · Yann Collet+4 · Lz4+4

Publicado

2014-06-27

Atualizado

2021-09-28

CVE-2014-4611

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Yann Collet LZ4 versions prior to r118 Linux kernel versions prior to 3.15.2 on 32-bit platforms

Description The issue is related to an integer overflow in the LZ4 algorithm implementation. This might allow attackers to cause a denial of service or possibly have other unspecified impacts via a crafted Literal Run. The issue arises when programs do not comply with an API limitation.

Recommendations For Yann Collet LZ4 versions prior to r118, update to version r118 or later to resolve the issue. For Linux kernel versions prior to 3.15.2 on 32-bit platforms, update to version 3.15.2 or later to resolve the issue.

Exploit

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2014-1847

ALT-PU-2014-2061

ALT-PU-2015-1794

CVE-2014-4611

MGASA-2014-0321

OPENSUSE-SU-2014_1677-1

OPENSUSE-SU-2024:10425-1

USN-2287-1

USN-2288-1

USN-2289-1

USN-2290-1

Produtos afetados

Alt Linux

Lz4

Linux Kernel

Suse

Ubuntu

PT-2014-6021 · Yann Collet+4 · Lz4+4

CVE-2014-4611

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 66