PT-2018-13818 · Lz5 · Lizard

Kky0Ho

Published

2018-09-13

Updated

2018-11-27

CVE-2018-16985

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Lizard (formerly LZ5) version 2.0

Description A denial of service issue was found, related to the use of an invalid memory address in the LZ5 compress continue function in lz5 compress.c, specifically with LZ5 compress fastSmall and MEM read32. This issue causes a segmentation fault and application crash.

Recommendations For Lizard (formerly LZ5) version 2.0, consider applying a patch or fix to address the invalid memory address usage in the LZ5 compress continue function to prevent the segmentation fault and application crash. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2018-16985

Affected Products

Lizard

PT-2018-13818 · Lz5 · Lizard

CVE-2018-16985

Weakness Enumeration

Related Identifiers

Affected Products

References · 3