Lucene search

[email protected]CVE-2014-4715

HistoryJul 03, 2014 - 4:22 a.m.

CVE-2014-4715

2014-07-0304:22:16

CWE-189

[email protected]

web.nvd.nist.gov

In Wild

cve-2014-4715

yann collet lz4

memory corruption

integer overflow

denial of service

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON

Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run, a different vulnerability than CVE-2014-4611.

Affected configurations

NVD

Node

yann_colletlz4Range≤r118

CPENameOperatorVersion
yann_collet:lz4yann collet lz4ler118

CPE	Name	Operator	Version
yann_collet:lz4	yann collet lz4	le	r118

References

blog.securitymouse.com/2014/07/i-was-wrong-proving-lz4-exploitable.html

fastcompression.blogspot.fr/2014/07/software-vulnerabilities-how-it-works.html

secunia.com/advisories/59770

code.google.com/p/lz4/issues/detail?id=134

code.google.com/p/lz4/source/detail?r=119

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON

Related for CVE-2014-4715

attackerkb1 debiancve2 f54 prion2 cvelist2 nvd2 ubuntucve2 cve1 cisa1 nessus10 securityvulns3 hackerone1 openvas33 mageia1 thn1 ubuntu4 suse1 fedora26