logo
DATABASE RESOURCES PRICING ABOUT US

Memory corruption in liblz4

Description

lz4-sys up to v1.9.3 bundles a version of liblz4 that is vulnerable to [CVE-2021-3520](https://nvd.nist.gov/vuln/detail/CVE-2021-3520). Attackers could craft a payload that triggers an integer overflow upon decompression, causing an out-of-bounds write. The flaw has been corrected in version v1.9.4 of liblz4, which is included in lz4-sys 1.9.4.


Affected Software


CPE Name Name Version
lz4-sys 1.9.4

Related