
6 matches found

Amazon
added 2026/04/01 12:0 a.m. | 9 views

Medium: rust

Issue Overview: Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations when reusing an output buffer. CVE-2026-32829 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...

CVSS 8.2 | AI score 5.9 | EPSS 0.00608
Exploits: 0
Tenable Nessus
added 2026/04/01 12:0 a.m. | 9 views

Amazon Linux 2 : rust, --advisory ALAS2-2026-3225 (ALAS-2026-3225)

The version of rust installed on the remote host is prior to 1.93.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3225 advisory. Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations wh...

CVSS 8.2 | AI score 6 | EPSS 0.00608
Exploits: 0 | References: 4
ATTACKERKB
added 2026/03/20 12:49 a.m. | 1 views

CVE-2026-32829

lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...

CVSS 8.2 | AI score 5.7 | EPSS 0.00608
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2026/03/18 3:47 p.m. | 1 views

CVE-2026-32829

lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...

CVSS 8.2 | AI score 5.7 | EPSS 0.00608
Exploits: 0 | References: 6
vulnersOsv
added 2026/03/17 12:0 p.m. | 4 views

bitcode (>=0.2.0 <=0.5.1), bitcode_lightyear_patch (>=0.4.0 <=0.5.1) +25 more potentially affected by CVE-2026-32829 via lz4_flex (=0.10.0)

lz4_flex CARGO version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on lz4_flex and may be impacted: - bitcode =0.2.0, =0.4.0, =0.16.0, =3.0.0, =8.0.0, =0.1.1, =0.1.0, =0.1.0, =0.25.0, =0.5.0, =4.0.1, =4.4.2 and more Source cves: CVE-2026-32829...

CVSS 8.2 | AI score 5.8 | EPSS 0.00608
Exploits: 0
Tenable Nessus
added 2026/03/17 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32829

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak...

CVSS 8.2 | AI score 7.2 | EPSS 0.00608
Exploits: 0 | References: 4