6 matches found
Medium: rust
Issue Overview: Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations when reusing an output buffer. CVE-2026-32829 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...
Amazon Linux 2 : rust, --advisory ALAS2-2026-3225 (ALAS-2026-3225)
The version of rust installed on the remote host is prior to 1.93.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3225 advisory. Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations wh...
CVE-2026-32829
lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...
CVE-2026-32829
lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...
bitcode (>=0.2.0 <=0.5.1), bitcode_lightyear_patch (>=0.4.0 <=0.5.1) +25 more potentially affected by CVE-2026-32829 via lz4_flex (=0.10.0)
lz4flex CARGO version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on lz4flex and may be impacted: - bitcode =0.2.0, =0.4.0, =0.16.0, =3.0.0, =8.0.0, =0.1.1, =0.1.0, =0.1.0, =0.25.0, =0.5.0, =4.0.1, =4.4.2 and more Source cves: CVE-2026-32829...
Linux Distros Unpatched Vulnerability : CVE-2026-32829
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak...