Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDD1F5E12A-FD5A-11E3-A108-080027EF73EC
HistoryJun 25, 2014 - 12:00 a.m.

LZO -- potential buffer overrun when processing malicious input data

2014-06-2500:00:00
vuxml.freebsd.org
35

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON

Markus Franz Xaver Johannes Oberhumer reports, in the package’s NEWS file:

Fixed a potential integer overflow condition in the “safe”
decompressor variants which could result in a possible buffer
overrun when processing maliciously crafted compressed input
data.
As this issue only affects 32-bit systems and also can only happen
if you use uncommonly huge buffer sizes where you have to decompress
more than 16 MiB (2^24 bytes) compressed bytes within a single
function call, the practical implications are limited.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchlzo2< 2.07UNKNOWN
FreeBSDanynoarchbusybox< 1.22.1_2UNKNOWN

Related

securityvulns 3
f5 2
cve 1
nessus 32
debiancve 1
prion 1
ubuntucve 1
openvas 29
ubuntu 9
cisa 1
amazon 1
redhat 2
thn 1
veracode 3
centos 1
oraclelinux 1
suse 10
fedora 2
securityvulns
securityvulns
[oss-security] LMS-2014-06-16-2: Linux Kernel LZO
2014-06-28 00:00:00
[USN-2289-1] Linux kernel vulnerabilities
2014-07-21 00:00:00
Linux kernel multiple security vulnerabilities
2014-07-21 00:00:00
f5
f5
K15512 : LZO decompressor vulnerability CVE-2014-4608
2014-08-18 00:00:00
SOL15512 - LZO decompressor vulnerability CVE-2014-4608
2014-08-18 00:00:00
cve
cve
CVE-2014-4608
2014-07-03 04:22:00
nessus
nessus
FreeBSD : LZO -- potential buffer overrun when processing malicious input data (d1f5e12a-fd5a-11e3-a108-080027ef73ec)
2014-06-27 00:00:00
Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2416-1)
2014-11-25 00:00:00
Ubuntu 14.10 : linux vulnerabilities (USN-2421-1)
2014-11-25 00:00:00
debiancve
debiancve
CVE-2014-4608
2014-07-03 04:22:00
prion
prion
Integer overflow
2014-07-03 04:22:00
ubuntucve
ubuntucve
CVE-2014-4608
2014-07-03 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2415-1)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-2416-1)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-2421-1)
2022-08-26 00:00:00
ubuntu
ubuntu
Linux kernel (EC2) vulnerabilities
2014-11-25 00:00:00
Linux kernel vulnerability
2014-11-25 00:00:00
Linux kernel vulnerabilities
2014-11-25 00:00:00
cisa
cisa
Vulnerabilities in LZO and LZ4 compression libraries
2014-07-21 00:00:00
amazon
amazon
Medium: kernel
2014-07-09 16:29:00
redhat
redhat
(RHSA-2015:0062) Important: kernel security, bug fix, and enhancement update
2015-01-20 00:00:00
(RHSA-2014:1392) Important: kernel security, bug fix, and enhancement update
2014-10-14 00:00:00
thn
thn
20-Year Old Vulnerability in LZO Compression Algorithm Went to Planet Mars
2014-06-27 05:43:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:12:40
Denial Of Service (DoS)
2019-05-02 05:12:39
Denial Of Service (DoS)
2019-05-02 05:12:40
centos
centos
kernel, perf, python security update
2014-10-20 18:09:23
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2014-10-20 00:00:00
suse
suse
Security update for Linux kernel (important)
2014-12-23 19:06:22
Security update for Linux kernel (important)
2014-12-24 08:08:49
Security update for Real Time Linux Kernel (important)
2015-04-20 21:05:00
fedora
fedora
[SECURITY] Fedora 20 Update: kernel-3.14.9-200.fc20
2014-06-30 10:29:23
[SECURITY] Fedora 19 Update: kernel-3.14.13-100.fc19
2014-07-25 10:08:51

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON
Related for D1F5E12A-FD5A-11E3-A108-080027EF73EC
securityvulns3f52cve1nessus32debiancve1prion1ubuntucve1openvas29ubuntu9cisa1amazon1redhat2thn1veracode3centos1oraclelinux1suse10fedora2