Lucene search

[email protected]CVE-2014-4608

HistoryJul 03, 2014 - 4:22 a.m.

CVE-2014-4608

2014-07-0304:22:15

CWE-190

[email protected]

web.nvd.nist.gov

In Wild

cve-2014-4608

integer overflows

lzo1x_decompress_safe

linux kernel

memory corruption

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

5.7 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

JSON

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is not affected; media hype.

Affected configurations

NVD

Node

linuxlinux_kernelRange<3.15.2

Node

opensuseopensuseMatch11.4

suselinux_enterprise_real_time_extensionMatch11sp3

suselinux_enterprise_serverMatch11sp2ltss

Node

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch14.10

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt3.15.2

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	3.15.2

References

blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce

lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

rhn.redhat.com/errata/RHSA-2015-0062.html

secunia.com/advisories/60011

secunia.com/advisories/60174

secunia.com/advisories/62633

www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2

www.oberhumer.com/opensource/lzo/

www.openwall.com/lists/oss-security/2014/06/26/21

www.securityfocus.com/bid/68214

www.ubuntu.com/usn/USN-2416-1

www.ubuntu.com/usn/USN-2417-1

www.ubuntu.com/usn/USN-2418-1

www.ubuntu.com/usn/USN-2419-1

www.ubuntu.com/usn/USN-2420-1

www.ubuntu.com/usn/USN-2421-1

bugzilla.redhat.com/show_bug.cgi?id=1113899

github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce

www.securitymouse.com/lms-2014-06-16-2

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

5.7 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

JSON

Related for CVE-2014-4608

freebsd1 nessus32 debiancve1 f52 securityvulns3 ubuntucve1 nvd1 cvelist1 prion1 openvas29 ubuntu9 cisa1 amazon1 thn1 redhat2 veracode3 oraclelinux1 centos1 suse10 fedora2