Buffer Overflow in lz4

Do your applications use this vulnerable package? Test your applications

Overview

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

References

ADVISORY
Apache Security Advisory
Apache Security Advisory
Apache Security Advisory
Apache Security Advisory
Apache Security Advisory
Debian Security Tracker
GitHub Diff
GitHub Issue
GitHub PR
GitHub PR
MISC
MISC
MISC
MLIST
MLIST
MLIST
OpenSuse Security Announcement
OpenSuse Security Announcement
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

High
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2019-17543
CWE: CWE-120
Snyk ID: SNYK-DEBIAN9-LZ4-473077
Disclosed: 14 Oct, 2019
Published: 14 Oct, 2019

Buffer Overflow
Affecting lz4 package, versions *

Overview

References

CVSS Score

Buffer Overflow Affecting lz4 package, versions *

Overview

References

Buffer Overflow
Affecting lz4 package, versions *