CVE-2021-3520 log
Source |
|
Severity | Low |
Remote | Yes |
Type | Denial of service |
Description | A vulnerability was found in lz4, where a potential memory corruption due to an integer overflow bug caused one of the memmove arguments to become negative. Depending on how the library was compiled this will hit an assert() inside the library and dump core, leaving a 4GB core file, or it wil go into libc and crash inside the memmove() function. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-1889 | lz4 | 1:1.9.3-1 | 1:1.9.3-2 | Low | Fixed | FS#70970 |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
25 May 2021 | ASA-202105-27 | AVG-1889 | lz4 | Low | denial of service |
References |
---|
https://bugzilla.redhat.com/show_bug.cgi?id=1954559 https://github.com/lz4/lz4/pull/972 https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7 |