CVE-2014-4611

Source
https://nvd.nist.gov/vuln/detail/CVE-2014-4611
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2014-4611.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2014-4611
Related
Published
2014-07-03T04:22:15Z
Modified
2024-09-18T01:00:21Z
Summary
[none]
Details

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4uncompress function in lib/lz4/lz4decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.14.9-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.14.9-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.14.9-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:11 / lz4

Package

Name
lz4
Purl
pkg:deb/debian/lz4?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.0~r119-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / lz4

Package

Name
lz4
Purl
pkg:deb/debian/lz4?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.0~r119-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / lz4

Package

Name
lz4
Purl
pkg:deb/debian/lz4?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.0~r119-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}