PT-2014-6021 · Yann Collet+4 · Lz4+4

Published

2014-06-27

Updated

2021-09-28

CVE-2014-4611

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Yann Collet LZ4 versions prior to r118 Linux kernel versions prior to 3.15.2 on 32-bit platforms

Description The issue is related to an integer overflow in the LZ4 algorithm implementation. This might allow attackers to cause a denial of service or possibly have other unspecified impacts via a crafted Literal Run. The issue arises when programs do not comply with an API limitation.

Recommendations For Yann Collet LZ4 versions prior to r118, update to version r118 or later to resolve the issue. For Linux kernel versions prior to 3.15.2 on 32-bit platforms, update to version 3.15.2 or later to resolve the issue.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2014-1847

ALT-PU-2014-2061

ALT-PU-2015-1794

CVE-2014-4611

MGASA-2014-0321

OPENSUSE-SU-2014_1677-1

OPENSUSE-SU-2024:10425-1

USN-2287-1

USN-2288-1

USN-2289-1

USN-2290-1

Affected Products

Alt Linux

Lz4

Linux Kernel

Suse

Ubuntu

PT-2014-6021 · Yann Collet+4 · Lz4+4

CVE-2014-4611

Weakness Enumeration

Related Identifiers

Affected Products

References · 66