56258 matches found
Out-of-bounds Read
Overview: net.jpountz.lz4:lz4 is a package for LZ4 compression for Java. Affected versions of this package are vulnerable to Out-of-bounds Read due to the use of the insecure LZ4_decompress_fast in the underlying lz4 library, which lacks bounds checks. An attacker can cause denial of service or acces...
Out-of-bounds Read
Overview: org.lz4:lz4-java is a Java port of the LZ4 compression algorithm and the xxHash hashing algorithm. Affected versions of this package are vulnerable to Out-of-bounds Read due to the use of the insecure LZ4_decompress_fast in the underlying lz4 library, which lacks bounds checks. An attacker...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read due to the use of the insecure LZ4_decompress_fast in the underlying lz4 library, which lacks bounds checks. An attacker can cause denial of service or access sensitive memory contents by providing specially crafted...
cc.ddrpa.dorian.polystash:polystash-spring-boot-starter (=1.0.0), com.alibaba.fastjson2:fastjson2-extension (>=2.0.27 <=2.0.62) +39 more potentially affected by CVE-2025-12183 via org.lz4:lz4-pure-java (=1.8.0)
org.lz4:lz4-pure-java MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.lz4:lz4-pure-java and may be impacted: - cc.ddrpa.dorian.polystash:polystash-spring-boot-starter =1.0.0 - com.alibaba.fastjson2:fastjson2-extension =2.0.27,...
ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3) +14985 more potentially affected by CVE-2025-12183 via org.lz4:lz4-java (>=1.4 <=1.8.0)
org.lz4:lz4-java MAVEN version =1.4, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.3, =1.2.10 and more Source cves: CVE-2025-12183 Source advisory: SNYK:JAVA-ORGLZ4-14151788...
CVE-2025-12183
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input...
DEBIAN-CVE-2025-12183
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input...
UBUNTU-CVE-2025-12183
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input...
CVE-2025-12183 org.lz4:lz4-java - Out-of-Bounds Memory Access
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input...
CVE-2025-12183
CVE-2025-12183 arises from out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier, enabling remote DoS and memory disclosure via untrusted input. Connected advisories show this affects multiple products using yawkat LZ4 Java (e.g., IBM InfoSphere Information Server, IBM Maximo comp...
EUVD-2025-199880
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input...
CVE-2025-12140
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacker to perform arbitrary code execution...
SUSE-SU-2025:21164-1 Security update for java-17-openjdk
This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.17+10 October 2025 CPU: - CVE-2025-53066: Fixed enhance path factories bsc1252417. - CVE-2025-53057: Fixed enhance certificate handling bsc1252414. Other bug fixes: - Do not embed rebuild counter bsc12468...
OPENSUSE-SU-2025:20125-1 Security update for java-17-openjdk
This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.17+10 October 2025 CPU: - CVE-2025-53066: Fixed enhance path factories bsc1252417. - CVE-2025-53057: Fixed enhance certificate handling bsc1252414. Other bug fixes: - Do not embed rebuild counter bsc12468...
SUSE-SU-2025:21162-1 Security update for java-21-openjdk
This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.9+10 October 2025 CPU: - CVE-2025-53066: Fixed enhance path factories bsc1252417. - CVE-2025-61748: Fixed enhance string handling bsc1252418. - CVE-2025-53057: Fixed enhance certificate handling bsc1252414...
OPENSUSE-SU-2025:20123-1 Security update for java-21-openjdk
This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.9+10 October 2025 CPU: - CVE-2025-53066: Fixed enhance path factories bsc1252417. - CVE-2025-61748: Fixed enhance string handling bsc1252418. - CVE-2025-53057: Fixed enhance certificate handling bsc1252414...
SUSE-SU-2025:4287-1 Security update for java-25-openjdk
This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.1+8 October 2025 CPU Security fixes: + JDK-8360937, CVE-2025-53057, bsc1252414: Enhance certificate handling + JDK-8356294, CVE-2025-53066, bsc1252417: Enhance Path Factories + JDK-8359454, CVE-2025-61748,...