CVE-2014-4611 — Improper Input Validation in Kernel
Severity
5.0MEDIUMNVD
EPSS
10.1%
top 6.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 3
Latest updateMay 13
Description
Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.
CVSS vector
AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9
Affected Packages3 packages
🔴Vulnerability Details
3GHSA▶
GHSA-c7c4-fwj7-36pr: Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompr↗2022-05-13
CVEList▶
CVE-2014-4611: Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompr↗2014-07-03
OSV▶
CVE-2014-4611: Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompr↗2014-07-03
📋Vendor Advisories
7💬Community
5Bugzilla
▶