Lucene search
+L

51 matches found

Debian CVE
Debian CVE
added 2022/03/14 12:0 a.m.63 views

CVE-2021-42387

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...

8.1CVSS8AI score0.01549EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/03/14 12:0 a.m.35 views

CVE-2021-43305

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don’t exceed the destination buffer’s limits. This issu...

8.8CVSS8.9AI score0.01646EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/03/14 12:0 a.m.63 views

CVE-2021-43304

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don’t exceed the destination buffer’s limits...

8.8CVSS9AI score0.01646EPSS
Exploits1
ClickHouse
ClickHouse
added 2021/10/18 12:0 a.m.23 views

Fixed in ClickHouse 21.10.2.15, 2021-10-18​

Heap buffer overflow in ClickHouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don't exceed the destination buffer's limits...

7.8AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2021/10/18 12:0 a.m.4 views

PT-2021-23610 · Unknown +4 · Clickhouse +3

Name of the Vulnerable Software and Affected Versions: ClickHouse affected versions not specified Description: A heap out-of-bounds read issue exists in ClickHouse's LZ4 compression codec when parsing a malicious query. The LZ4::decompressImpl loop reads a 16-bit unsigned user-supplied value offs...

8.8CVSS6.9AI score0.01646EPSS
Exploits7References37
AlmaLinux
AlmaLinux
added 2021/06/29 1:43 p.m.40 views

Moderate: lz4 security update

The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limi...

9.8CVSS9.7AI score0.0319EPSS
Exploits0References2
OSV
OSV
added 2021/06/29 1:43 p.m.28 views

RLSA-2021:2575 Moderate: lz4 security update

The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limi...

8.6CVSS9.3AI score0.0319EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/01/15 12:0 a.m.30 views

Fedora 27 : openvpn (2017-5882331351)

Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated key-method 1 configuration option CVE-2017-12166. From this update of, OpenVPN will use the lz4 compression library from Fedora instead of the upstream bundled...

9.8CVSS7.9AI score0.03629EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/10/03 12:0 a.m.36 views

Fedora 26 : openvpn (2017-700915e34f)

Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated key-method 1 configuration option CVE-2017-12166. From this update of, OpenVPN will use the lz4 compression library from Fedora instead of the upstream bundled...

9.8CVSS7.9AI score0.03629EPSS
Exploits0References3
RustSec
RustSec
added 2017/04/17 12:0 p.m.20 views

lz4-compress is unmaintained

According to the developers this crate is no longer maintained. The suggested alternative is lz4-compression, a maintained fork of lz4-compress. See also lz-fear which is compatible with the reference LZ4 implementation in C, but not with lz4-compress...

3AI score
Exploits0
F5 Networks
F5 Networks
added 2014/08/18 12:0 a.m.37 views

SOL15516 - LZ4 compression vulnerability CVE-2014-4715

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

5CVSS3AI score0.08103EPSS
Exploits0References4
Rows per page
Query Builder