Debian Bug report logs - #987856
lz4: CVE-2021-3520
Package: src:lz4;
Maintainer for src:lz4 is Nobuhiro Iwamatsu <iwamatsu@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 30 Apr 2021 21:12:01 UTC
Severity: important
Tags: security, upstream
Found in version lz4/193-1
Forwarded to ...
Jasper Lievisse Adriaanse reported an integer overflow flaw in lz4, a
fast LZ compression algorithm library, resulting in memory corruption.
For the stable distribution (buster), this problem has been fixed in
version 183-1+deb10u1.
We recommend that you upgrade your lz4 packages.
For the detailed security status of lz4 please refer to its securi ...
Synopsis
Moderate: Red Hat Integration Camel Extensions for Quarkus 27 security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Integration Camel Extensions for Quarkus 27 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as h ...
Synopsis
Moderate: Red Hat AMQ Streams 210 release and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat AMQ Streams 210 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis
Moderate: Red Hat Integration Camel-K 18 security update
Type/Severity
Security Advisory: Moderate
Topic
A minor version update is now available for Red Hat Integration Camel K. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as havi ...
Synopsis
Moderate: OpenShift Container Platform 4103 security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4103 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of ...
Synopsis
Important: Service Telemetry Framework 14 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Service Telemetry Framework 14 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which g ...
No description is available for this CVE ...
A vulnerability was found in lz4, where a potential memory corruption due to an integer overflow bug caused one of the memmove arguments to become negative. Depending on how the library was compiled, this will hit an assert() inside the library and dump core, leaving a 4GB core file, or it will go into libc and crash inside the memmove() functi ...
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and ...