59 matches found
Advisory ROSA-SA-2026-3195
Software: lz4 1.8.3 OS: ROSA Virtualization 2.1 unaffected versions = lz4-1.8.3-5.rv3 affected versions lz4-1.8.3-5.rv3 CVE-ID: CVE-2019-17543 BDU-ID: 2023-07612 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the LZ4 lossless data compression algorithm is related to writing beyond buffer boundaries...
Advisory ROSA-SA-2026-3155
Software: lz4 1.8.3 OS: ROSA Virtualization 3.1 unaffected versions = lz4-1.8.3-5.rv31 affected versions lz4-1.8.3-5.rv31 CVE-ID: CVE-2019-17543 BDU-ID: 2023-07612 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the LZ4 lossless data compression algorithm is related to writing beyond buffer...
TencentOS Server 3: lz4 (TSSA-2022:0211)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0211 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 2.7.0 release and security update
Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 7 : lz4 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - lz4: memory corruption due to an integer overflow bug caused by memmove argument CVE-2021-3520 - LZ4 befo...
BELL-CVE-2021-3520 CVE-2021-3520 does not affect BellSoft software
Bulletin has no description...
Huawei EulerOS: Security Advisory for lz4 (EulerOS-SA-2023-1273)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.2.2 : lz4 (EulerOS-SA-2023-1273)
According to the versions of the lz4 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer...
Amazon Linux 2022 : lz4, lz4-devel, lz4-libs (ALAS2022-2022-169)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-169 advisory. There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove on a negative size argument,...
GHSA-9Q5J-JM53-V7VR lz4-sys vulnerable to memory corruption via issue in liblz4
lz4-sys up to v1.9.3 bundles a version of liblz4 that is vulnerable to CVE-2021-3520. Attackers could craft a payload that triggers an integer overflow upon decompression, causing an out-of-bounds write. The flaw has been corrected in version v1.9.4 of liblz4, which is included in lz4-sys 1.9.4...
lz4-sys vulnerable to memory corruption via issue in liblz4
lz4-sys up to v1.9.3 bundles a version of liblz4 that is vulnerable to CVE-2021-3520. Attackers could craft a payload that triggers an integer overflow upon decompression, causing an out-of-bounds write. The flaw has been corrected in version v1.9.4 of liblz4, which is included in lz4-sys 1.9.4...
Memory corruption in liblz4
lz4-sys up to v1.9.3 bundles a version of liblz4 that is vulnerable to CVE-2021-3520. Attackers could craft a payload that triggers an integer overflow upon decompression, causing an out-of-bounds write. The flaw has been corrected in version v1.9.4 of liblz4, which is included in lz4-sys 1.9.4...
NewStart CGSL MAIN 6.02 : lz4 Vulnerability (NS-SA-2022-0051)
The remote NewStart CGSL host, running version MAIN 6.02, has lz4 packages installed that are affected by a vulnerability: - There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove on...
Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 2.1.0 release and security update
Red Hat AMQ Streams 2.1.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Huawei EulerOS: Security Advisory for lz4 (EulerOS-SA-2022-1083)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for lz4 (EulerOS-SA-2022-1132)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.6.0 : lz4 (EulerOS-SA-2022-1083)
According to the versions of the lz4 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer...
EulerOS Virtualization 3.0.6.6 : lz4 (EulerOS-SA-2022-1132)
According to the versions of the lz4 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer...
Mageia: Security Advisory (MGASA-2021-0229)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Verify Access
Summary Multiple Security vulnerabilities have been fixed in the IBM Security Verify Access product. Vulnerability Details CVEID: CVE-2021-3520 DESCRIPTION: lz4 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a specially crafted fil...