CVE-2021-3520 log

Source
Severity Low
Remote Yes
Type Denial of service
Description
A vulnerability was found in lz4, where a potential memory corruption due to an integer overflow bug caused one of the memmove arguments to become negative. Depending on how the library was compiled this will hit an assert() inside the library and dump core, leaving a 4GB core file, or it wil go into libc and crash inside the memmove() function.
Group Package Affected Fixed Severity Status Ticket
AVG-1889 lz4 1:1.9.3-1 1:1.9.3-2 Low Fixed FS#70970
Date Advisory Group Package Severity Type
25 May 2021 ASA-202105-27 AVG-1889 lz4 Low denial of service
References
https://bugzilla.redhat.com/show_bug.cgi?id=1954559
https://github.com/lz4/lz4/pull/972
https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7