CVE-2021-3520 — Integer Overflow or Wraparound in Project LZ4

CWE-190 — Integer Overflow or Wraparound CWE-787 — Out-of-bounds Write12 documents9 sources

Severity

9.8CRITICALNVD

EPSS

0.1%

top 65.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

LZ4 Project LZ4 Splunk Universal Forwarder Oracle Communications Cloud Native Core Policy +1 more

Timeline

PublishedJun 2

Latest updateSep 1

Description

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶NVDlz4_project/lz41.8.3 — 1.9.4

▶NVDsplunk/universal_forwarder8.2.0 — 8.2.12+2

▶Debianlz4_project/lz4< 1.9.3-2+3

▶CVEListV5lz4_project/lz4lz4-1.8.3

▶NVDoracle/zfs_storage_appliance_kit8.8

Patches

Patch: bugzilla.redhat.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

lz4-sys vulnerable to memory corruption via issue in liblz4↗2022-09-01

▶

OSV

lz4-sys vulnerable to memory corruption via issue in liblz4↗2022-09-01

▶

OSV

Memory corruption in liblz4↗2022-08-25

▶

GHSA

GHSA-gmc7-pqv9-966m: There's a flaw in lz4↗2022-05-24

▶

CVEList

CVE-2021-3520: There's a flaw in lz4↗2021-06-02

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Policy (lz4) — CVE-2021-3520↗2022-04-15

▶

Ubuntu

LZ4 vulnerability↗2021-05-31

▶

Ubuntu

LZ4 vulnerability↗2021-05-26

▶

Red Hat

lz4: memory corruption due to an integer overflow bug caused by memmove argument↗2021-04-28

▶

Debian

CVE-2021-3520: lz4 - There's a flaw in lz4. An attacker who submits a crafted file to an application ...↗2021

▶