CVE-2014-4611

 

Published at: - 03-07-2014 06:22

Last modified: - 21-09-2022 08:44

Total changes: - 7

Description

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:P

 

Verification logic

 

Reference

• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=206204a1162b995e2185275167b22468c00d6b36
• http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html
• [oss-security] 20140626 LMS-2014-06-16-5: Linux Kernel LZ4-Mailing List, Third Party Advisory
• https://bugzilla.redhat.com/show_bug.cgi?id=1112436
• https://github.com/torvalds/linux/commit/206204a1162b995e2185275167b22468c00d6b36
• http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
• https://code.google.com/p/lz4/source/detail?r=118
• https://code.google.com/p/lz4/issues/detail?id=52
• https://www.securitymouse.com/lms-2014-06-16-5
• http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
• https://www.securitymouse.com/lms-2014-06-16-6
• http://twitter.com/djrbliss/statuses/484931749013495809
• http://twitter.com/djrbliss/statuses/485042901399789568
• 1030491-Third Party Advisory, VDB Entry
• 59770-Third Party Advisory
• 60238-Third Party Advisory
• 59567-Third Party Advisory
• openSUSE-SU-2014:0924-Mailing List, Third Party Advisory
• [hadoop-common-dev] 20210916 [jira] [Created] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611-
• [hadoop-common-issues] 20210916 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611-
• [hadoop-common-issues] 20210916 [jira] [Created] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611-
• [hadoop-common-issues] 20210920 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611-
• [hadoop-common-issues] 20210920 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611-
• [hadoop-common-issues] 20210921 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611-
• [hadoop-common-issues] 20210921 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611-
• [hadoop-common-issues] 20210921 [jira] [Comment Edited] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611-
• [hadoop-common-commits] 20210924 [hadoop] branch branch-3.2.3 updated: HADOOP-17917. Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611. Contributed by Brahma Reddy Battula.-
• [hadoop-common-issues] 20210924 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611-
• [hadoop-common-commits] 20210924 [hadoop] branch branch-3.2 updated: HADOOP-17917. Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611. Contributed by Brahma Reddy Battula.-
• [hadoop-common-issues] 20210924 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611-
• [hadoop-common-issues] 20210928 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611-

 

Keywords

NVD

 

CVE-2014-4611

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures