CVE-2014-4608

 

Published at: - 03-07-2014 06:22

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype."

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:P

 

Verification logic

 

Reference

• http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
• https://www.securitymouse.com/lms-2014-06-16-2
• https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=206a81c18401c0cde6e579164f752c4b147324ce
• https://bugzilla.redhat.com/show_bug.cgi?id=1113899
• http://www.oberhumer.com/opensource/lzo/
• http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
• [oss-security] 20140626 LMS-2014-06-16-2: Linux Kernel LZO-Mailing List, Third Party Advisory
• 68214-Third Party Advisory, VDB Entry
• 60011-Third Party Advisory
• USN-2421-1-Third Party Advisory
• USN-2419-1-Third Party Advisory
• USN-2416-1-Third Party Advisory
• USN-2420-1-Third Party Advisory
• USN-2418-1-Third Party Advisory
• USN-2417-1-Third Party Advisory
• 62633-Third Party Advisory
• 60174-Third Party Advisory
• RHSA-2015:0062-Third Party Advisory
• SUSE-SU-2015:0481-Mailing List, Third Party Advisory
• openSUSE-SU-2015:0566-Mailing List, Third Party Advisory
• SUSE-SU-2015:0736-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2014-4608

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures