51 matches found
CVE-2021-42387
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...
CVE-2021-43305
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don’t exceed the destination buffer’s limits. This issu...
CVE-2021-43304
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don’t exceed the destination buffer’s limits...
Fixed in ClickHouse 21.10.2.15, 2021-10-18
Heap buffer overflow in ClickHouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don't exceed the destination buffer's limits...
PT-2021-23610 · Unknown +4 · Clickhouse +3
Name of the Vulnerable Software and Affected Versions: ClickHouse affected versions not specified Description: A heap out-of-bounds read issue exists in ClickHouse's LZ4 compression codec when parsing a malicious query. The LZ4::decompressImpl loop reads a 16-bit unsigned user-supplied value offs...
Moderate: lz4 security update
The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limi...
RLSA-2021:2575 Moderate: lz4 security update
The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limi...
Fedora 27 : openvpn (2017-5882331351)
Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated key-method 1 configuration option CVE-2017-12166. From this update of, OpenVPN will use the lz4 compression library from Fedora instead of the upstream bundled...
Fedora 26 : openvpn (2017-700915e34f)
Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated key-method 1 configuration option CVE-2017-12166. From this update of, OpenVPN will use the lz4 compression library from Fedora instead of the upstream bundled...
lz4-compress is unmaintained
According to the developers this crate is no longer maintained. The suggested alternative is lz4-compression, a maintained fork of lz4-compress. See also lz-fear which is compatible with the reference LZ4 implementation in C, but not with lz4-compress...
SOL15516 - LZ4 compression vulnerability CVE-2014-4715
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...