CVE-2021-3520 - log

CVE-2021-3520 edited at 25 May 2021 10:09:34
Description
- A vulnerability was found in lz4, where a potential memory corruption due to an integer overflow bug which caused one of the memmove arguments to become negative. Depending on how the library was compiled this will hit an assert() inside the library and dump core, leaving a 4GB core file, or it wil go into libc and crash inside the memmove() function.
+ A vulnerability was found in lz4, where a potential memory corruption due to an integer overflow bug caused one of the memmove arguments to become negative. Depending on how the library was compiled this will hit an assert() inside the library and dump core, leaving a 4GB core file, or it wil go into libc and crash inside the memmove() function.
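Review bot: the reworded description on the + line still carries the typo "wil" in "or it wil go into libc", so this edit should also change it to "will". With "which" removed, the clause "a potential memory corruption due to an integer overflow bug caused one of the memmove arguments to become negative" now makes the memory corruption the subject of "caused"; rephrase so that the integer overflow is what makes the memmove argument negative.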
CVE-2021-3520 edited at 01 May 2021 10:01:10
References
https://bugzilla.redhat.com/show_bug.cgi?id=1954559
https://github.com/lz4/lz4/pull/972
+ https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
CVE-2021-3520 edited at 28 Apr 2021 11:42:39
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A vulnerability was found in lz4, where a potential memory corruption due to an integer overflow bug which caused one of the memmove arguments to become negative. Depending on how the library was compiled this will hit an assert() inside the library and dump core, leaving a 4GB core file, or it wil go into libc and crash inside the memmove() function.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1954559
+ https://github.com/lz4/lz4/pull/972
Notes
CVE-2021-3520 created at 28 Apr 2021 11:40:09