CVE-2014-4611

2014-07-0300:00:00

ubuntu.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.8%

JSON

Integer overflow in the LZ4 algorithm implementation, as used in Yann
Collet LZ4 before r118 and in the lz4_uncompress function in
lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit
platforms might allow context-dependent attackers to cause a denial of
service (memory corruption) or possibly have unspecified other impact via a
crafted Literal Run that would be improperly handled by programs not
complying with an API limitation, a different vulnerability than
CVE-2014-4715.

Bugs

<https://launchpad.net/bugs/1335314>

Notes

Author	Note
jdstrand	android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels
ebarretto	commented out the packages that are old so we can have this CVE in active/ again.

OSVersionArchitecturePackageVersionFilename
ubuntu13.10noarchlinux< 3.11.0-26.45UNKNOWN
ubuntu14.04noarchlinux< 3.13.0-32.57UNKNOWN
ubuntu12.04noarchlinux-lts-saucy< 3.11.0-26.45~precise1UNKNOWN
ubuntu12.04noarchlinux-lts-trusty< 3.13.0-32.57~precise1UNKNOWN
ubuntu14.04noarchlz4< 0.0~r114-2ubuntu1+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	13.10	noarch	linux	< 3.11.0-26.45	UNKNOWN
ubuntu	14.04	noarch	linux	< 3.13.0-32.57	UNKNOWN
ubuntu	12.04	noarch	linux-lts-saucy	< 3.11.0-26.45~precise1	UNKNOWN
ubuntu	12.04	noarch	linux-lts-trusty	< 3.13.0-32.57~precise1	UNKNOWN
ubuntu	14.04	noarch	lz4	< 0.0~r114-2ubuntu1+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only	UNKNOWN