logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2021-3520

Description

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.


Affected Software


CPE Name Name Version
lz4_project:lz4 lz4 project lz4 1.8.3
netapp:ontap_select_deploy_administration_utility netapp ontap select deploy administration utility -
netapp:active_iq_unified_manager netapp active iq unified manager -
oracle:zfs_storage_appliance_kit oracle zfs storage appliance kit 8.8
oracle:communications_cloud_native_core_policy oracle communications cloud native core policy 1.14.0

Related