PT-2014-2057 · Yann Collet+1 · Lz4+1

Published: 2014-07-01 · Updated: 2021-09-28 · CVE-2014-4715

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: LZ4 versions prior to r119

Description: The issue is related to errors in number processing in the LZ4 lossless data compression algorithm. It may allow a remote attacker to cause a denial of service, potentially through memory corruption, by exploiting the vulnerability with a crafted Literal Run.

Recommendations: For versions prior to r119, update to version r119 or later to resolve the issue. As a temporary workaround, consider restricting the use of the LZ4 compression algorithm on 32-bit platforms until a patch is available.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2024-06975
CVE-2014-4715

Affected Products

Lz4
Suse