Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cisaCISACISA:C541BA16D95B14C2CBD295BC9DE8EA16
HistoryJul 21, 2014 - 12:00 a.m.

Vulnerabilities in LZO and LZ4 compression libraries

2014-07-2100:00:00
us-cert.cisa.gov
42

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Recently disclosed vulnerabilities in the LZO and LZ4 compression libraries could allow remote code execution under certain circumstances. While these libraries are used by a large number of platforms and applications, not all programs may be vulnerable to exploitation.

US-CERT recommends that all developers who either implement or import the LZO or LZ4 libraries into their software check for susceptibility to CVE-2014-4608, CVE-2014-4715, and CVE-2014-4611.

Users and administrators should apply software security updates as they become available.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we’d welcome your feedback.

Related

prion 3
f5 6
attackerkb 1
debiancve 3
cve 3
ubuntucve 3
nessus 36
mageia 1
openvas 58
thn 1
securityvulns 4
freebsd 1
hackerone 1
ubuntu 12
amazon 1
redhat 2
suse 10
veracode 3
centos 1
oraclelinux 1
fedora 26
prion
prion
Integer overflow
2014-07-03 04:22:00
Integer overflow
2014-07-03 04:22:00
Integer overflow
2014-07-03 04:22:00
f5
f5
K15516 : LZ4 compression vulnerability CVE-2014-4715
2014-08-18 00:00:00
K15513 : LZ4 vulnerability CVE-2014-4611
2014-08-18 00:00:00
SOL15516 - LZ4 compression vulnerability CVE-2014-4715
2014-08-18 00:00:00
attackerkb
attackerkb
The LZO/LZ4 Integer Overflow Summary
2014-07-03 00:00:00
debiancve
debiancve
CVE-2014-4611
2014-07-03 04:22:00
CVE-2014-4715
2014-07-03 04:22:00
CVE-2014-4608
2014-07-03 04:22:00
cve
cve
CVE-2014-4715
2014-07-03 04:22:00
CVE-2014-4611
2014-07-03 04:22:00
CVE-2014-4608
2014-07-03 04:22:00
ubuntucve
ubuntucve
CVE-2014-4715
2014-07-03 00:00:00
CVE-2014-4611
2014-07-03 00:00:00
CVE-2014-4608
2014-07-03 00:00:00
nessus
nessus
Fedora 19 : kernel-3.14.13-100.fc19 (2014-8487)
2014-07-26 00:00:00
Fedora 20 : kernel-3.14.9-200.fc20 (2014-7863)
2014-07-01 00:00:00
FreeBSD : LZO -- potential buffer overrun when processing malicious input data (d1f5e12a-fd5a-11e3-a108-080027ef73ec)
2014-06-27 00:00:00
mageia
mageia
Updated eet packages fix security vulnerability
2014-08-06 14:31:11
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0321)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-2289-1)
2014-07-21 00:00:00
Ubuntu: Security Advisory (USN-2415-1)
2022-08-26 00:00:00
thn
thn
20-Year Old Vulnerability in LZO Compression Algorithm Went to Planet Mars
2014-06-27 05:43:00
securityvulns
securityvulns
[oss-security] LMS-2014-06-16-2: Linux Kernel LZO
2014-06-28 00:00:00
[oss-security] LMS-2014-06-16-5: Linux Kernel LZ4
2014-06-28 00:00:00
[USN-2289-1] Linux kernel vulnerabilities
2014-07-21 00:00:00
freebsd
freebsd
LZO -- potential buffer overrun when processing malicious input data
2014-06-25 00:00:00
hackerone
hackerone
Internet Bug Bounty: LZ4 Core
2014-06-26 20:11:22
ubuntu
ubuntu
Linux kernel vulnerabilities
2014-07-17 00:00:00
Linux kernel (EC2) vulnerabilities
2014-11-25 00:00:00
Linux kernel vulnerability
2014-11-25 00:00:00
amazon
amazon
Medium: kernel
2014-07-09 16:29:00
redhat
redhat
(RHSA-2015:0062) Important: kernel security, bug fix, and enhancement update
2015-01-20 00:00:00
(RHSA-2014:1392) Important: kernel security, bug fix, and enhancement update
2014-10-14 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2014-12-21 13:04:41
Security update for Linux kernel (important)
2014-12-23 19:06:22
Security update for Linux kernel (important)
2014-12-24 08:08:49
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:12:40
Denial Of Service (DoS)
2019-05-02 05:12:39
Denial Of Service (DoS)
2019-05-02 05:12:40
centos
centos
kernel, perf, python security update
2014-10-20 18:09:23
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2014-10-20 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: kernel-3.14.9-200.fc20
2014-06-30 10:29:23
[SECURITY] Fedora 19 Update: kernel-3.14.13-100.fc19
2014-07-25 10:08:51
[SECURITY] Fedora 20 Update: kernel-3.15.4-200.fc20
2014-07-11 02:02:48

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for CISA:C541BA16D95B14C2CBD295BC9DE8EA16
prion3f56attackerkb1debiancve3cve3ubuntucve3nessus36mageia1openvas58thn1securityvulns4freebsd1hackerone1ubuntu12amazon1redhat2suse10veracode3centos1oraclelinux1fedora26