Home

CVE-2019-17543

Description

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states only a few specific / uncommon usages of the API are at risk.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.442

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Mysql 8.0.25Windows
Multiple vulnerabilities are affected in Mysql 5.7.34Windows
Lz4-libs update (ELSA-2025-11035) lz4-libs-1.8.3-5.el8_10.x86_64.rpmLinux
Lz4-libs update (ELSA-2025-11035) lz4-libs-1.8.3-5.el8_10.i686.rpmLinux
Lz4-devel update (ELSA-2025-11035) lz4-devel-1.8.3-5.el8_10.x86_64.rpmLinux
Lz4-devel update (ELSA-2025-11035) lz4-devel-1.8.3-5.el8_10.i686.rpmLinux
Lz4 update (ELSA-2025-11035) lz4-1.8.3-5.el8_10.x86_64.rpmLinux
(RHSA-2025:11035)Moderate: security update lz4-libs-1.8.3-5.el8_10.x86_64.rpmLinux
(RHSA-2025:11035)Moderate: security update lz4-libs-1.8.3-5.el8_10.i686.rpmLinux
(RHSA-2025:11035)Moderate: security update lz4-devel-1.8.3-5.el8_10.x86_64.rpmLinux
(RHSA-2025:11035)Moderate: security update lz4-devel-1.8.3-5.el8_10.i686.rpmLinux
(RHSA-2025:11035)Moderate: security update lz4-1.8.3-5.el8_10.x86_64.rpmLinux
lz4 security update (RLSA-2025:11035) RLSA-2025:11035 lz4-libs-1.8.3-5.el8_10.x86_64.rpmLinux
lz4 security update (RLSA-2025:11035) RLSA-2025:11035 lz4-libs-1.8.3-5.el8_10.i686.rpmLinux
lz4 security update (RLSA-2025:11035) RLSA-2025:11035 lz4-devel-1.8.3-5.el8_10.x86_64.rpmLinux
lz4 security update (RLSA-2025:11035) RLSA-2025:11035 lz4-devel-1.8.3-5.el8_10.i686.rpmLinux
lz4 security update (RLSA-2025:11035) RLSA-2025:11035 lz4-1.8.3-5.el8_10.x86_64.rpmLinux
Out-of-bounds Write Vulnerability (CVE-2019-17543)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234