github.com/cloudflare/golz4 is vulnerable to arbitrary code execution. The vulnerability is due to the use of an unsafe version of the LZ4 decoder (LZ4_uncompress
) which is used in the Uncompress
function resulting in memory corruption via specially crafted user input.