PT-2025-54723 · Maven · At.Yawk.Lz4:Lz4-Java+3
Published
2025-11-28
·
Updated
2025-11-28
CVSS v4.0
8.8
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N |
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.
This is fixed in a forked release: at.yawk.lz4:lz4-java version 1.8.1. The original project has been archived: https://github.com/lz4/lz4-java, and Sonatype has added a redirect from org.lz4:lz4-java:1.8.1 to the new group ID.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
At.Yawk.Lz4:Lz4-Java
Net.Jpountz.Lz4:Lz4
Org.Lz4:Lz4-Java
Org.Lz4:Lz4-Pure-Java