CVE-2025-62813: Improper Neutralization of Null Byte or NUL Character in Azl3 LZ4 1.9.4-1 on Azure Linux 3.0

Severity: 5.9 MEDIUM (no vector)
EPSS: No EPSS data
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 14; latest update Oct 23

Description

LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.

FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the c

🔴 Vulnerability Details (2)

GHSA: GHSA-r7j2-9m2h-fq95: LZ4 through 1 (2025-10-23)
OSV: CVE-2025-62813: LZ4 through 1 (2025-10-23)

📋 Vendor Advisories (2)

Red Hat: lz4: LZ4 null handling error (2025-10-23)
Microsoft: LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_cr (2025-10-14)

💬 Community (1)

Bugzilla: CVE-2025-62813 lz4: LZ4 null handling error (2025-10-23)