CVE-2021-3520 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	Yes
Type	Denial of service
Description	A vulnerability was found in lz4, where a potential memory corruption due to an integer overflow bug caused one of the memmove arguments to become negative. Depending on how the library was compiled this will hit an assert() inside the library and dump core, leaving a 4GB core file, or it wil go into libc and crash inside the memmove() function.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1889	lz4	1:1.9.3-1	1:1.9.3-2	Low	Fixed	FS#70970

Date	Advisory	Group	Package	Severity	Type
25 May 2021	ASA-202105-27	AVG-1889	lz4	Low	denial of service

References
https://bugzilla.redhat.com/show_bug.cgi?id=1954559 https://github.com/lz4/lz4/pull/972 https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7