CVE-2014-4608

CWE-190: Integer Overflow | 18 documents | 8 sources
Severity
7.3 HIGH
EPSS
8.6%
top 7.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 3
Latest update: May 13

Description

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 | Impact: 3.4

Affected Packages: 5 packages

Also affects: Ubuntu Linux 10.04, 12.04, 14.04, 14.10

Patches

🔴Vulnerability Details

4
GHSA
GHSA-3crv-xrq6-c4hq: ** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe | 2022-05-13
OSV
linux vulnerabilities | 2014-11-25
OSV
CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe | 2014-07-03
CVEList
CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe | 2014-07-03

📋Vendor Advisories

11
Ubuntu
Linux kernel (EC2) vulnerabilities | 2014-11-25
Ubuntu
Linux kernel vulnerabilities | 2014-11-25
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities | 2014-11-25
Ubuntu
Linux kernel vulnerabilities | 2014-11-25
Ubuntu
Linux kernel (OMAP4) vulnerabilities | 2014-11-25

💬Community

2
Bugzilla
CVE-2014-4608 kernel: lzo1x_decompress_safe() integer overflow [fedora-all] | 2014-06-27
Bugzilla
CVE-2014-4608 kernel: lzo1x_decompress_safe() integer overflow | 2014-06-27