Security Bulletin: IBM DataPower Gateway vulnerable to data corruption due to LZ4 (CVE-2019-17543)

Summary LZ4 is used in multiple components of IBM DataPower Gateway Vulnerability Details CVEID:CVE-2019-17543 DESCRIPTION: LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that call LZ4compressfast with a large input. This iss...

Linux Distros Unpatched Vulnerability : CVE-2025-62813

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LZ4 through 1.10.0 allows attackers to cause a denial of service application crash or possibly have unspecified other impact when the application processes...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1)

The version of AOS installed on the remote host is prior to 7.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1 advisory. - LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that cal...

UBUNTU-CVE-2014-4611

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4uncompress function in lib/lz4/lz4decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service memory corruption o...