CVE-2021-3520
Description
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to memmove() being called with a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.149
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| lz4 security update (DSA-4919-1) lz4_1.8.3-1+deb10u1_i386.deb | Linux |
| lz4 security update (DSA-4919-1) lz4_1.8.3-1+deb10u1_amd64.deb | Linux |
| Extremely fast compression algorithm (USN-4968-1) liblz4-1_1.9.3-1ubuntu0.1_i386.deb | Linux |
| Extremely fast compression algorithm (USN-4968-1) liblz4-1_1.9.3-1ubuntu0.1_amd64.deb | Linux |
| Extremely fast compression algorithm (USN-4968-1) liblz4-1_0.0~r131-2ubuntu3.1_i386.deb | Linux |
| Extremely fast compression algorithm (USN-4968-1) liblz4-1_0.0~r131-2ubuntu3.1_amd64.deb | Linux |
| Extremely fast compression algorithm (USN-4968-1) liblz4-1_1.9.2-2ubuntu0.20.04.1_i386.deb | Linux |
| Extremely fast compression algorithm (USN-4968-1) liblz4-1_1.9.2-2ubuntu0.20.04.1_amd64.deb | Linux |
| Extremely fast compression algorithm (USN-4968-1) liblz4-1_1.9.2-2ubuntu0.20.10.1_i386.deb | Linux |
| Extremely fast compression algorithm (USN-4968-1) liblz4-1_1.9.2-2ubuntu0.20.10.1_amd64.deb | Linux |
| Lz4 update (ELSA-2021-2575) lz4-1.8.3-3.el8_4.x86_64.rpm | Linux |
| Lz4-devel update (ELSA-2021-2575) lz4-devel-1.8.3-3.el8_4.i686.rpm | Linux |
| Lz4-devel update (ELSA-2021-2575) lz4-devel-1.8.3-3.el8_4.x86_64.rpm | Linux |
| Lz4-libs update (ELSA-2021-2575) lz4-libs-1.8.3-3.el8_4.i686.rpm | Linux |
| Lz4-libs update (ELSA-2021-2575) lz4-libs-1.8.3-3.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2575) lz4 security update lz4-1.8.3-3.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2575) lz4 security update lz4-debugsource-1.8.3-3.el8_4.i686.rpm | Linux |
| (RHSA-2021:2575) lz4 security update lz4-debugsource-1.8.3-3.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2575) lz4 security update lz4-devel-1.8.3-3.el8_4.i686.rpm | Linux |
| (RHSA-2021:2575) lz4 security update lz4-devel-1.8.3-3.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2575) lz4 security update lz4-libs-1.8.3-3.el8_4.i686.rpm | Linux |
| (RHSA-2021:2575) lz4 security update lz4-libs-1.8.3-3.el8_4.x86_64.rpm | Linux |
| lz4 security update (RLSA-2021:2575) lz4-1.8.3-3.el8_4.x86_64.rpm | Linux |
| lz4 security update (RLSA-2021:2575) lz4-libs-1.8.3-3.el8_4.i686.rpm | Linux |
| lz4 security update (RLSA-2021:2575) lz4-libs-1.8.3-3.el8_4.x86_64.rpm | Linux |
| lz4 security update (RLSA-2021:2575) lz4-devel-1.8.3-3.el8_4.i686.rpm | Linux |
| lz4 security update (RLSA-2021:2575) lz4-devel-1.8.3-3.el8_4.x86_64.rpm | Linux |
| SUSE-SU-2021:1825-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) lz4-1.9.2-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1825-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) liblz4-1-1.9.2-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1825-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) liblz4-devel-1.9.2-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1825-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) lz4-debuginfo-1.9.2-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1825-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) liblz4-1-32bit-1.9.2-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1825-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) lz4-debugsource-1.9.2-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1825-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) liblz4-1-debuginfo-1.9.2-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1825-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) liblz4-1-32bit-debuginfo-1.9.2-3.3.1.x86_64.rpm | Linux |
| (RHSA-2021:2575) Moderate: security update lz4-debuginfo-1.8.3-3.el8_4.i686.rpm | Linux |
| (RHSA-2021:2575) Moderate: security update lz4-debuginfo-1.8.3-3.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:2575) Moderate: security update lz4-libs-debuginfo-1.8.3-3.el8_4.i686.rpm | Linux |
| (RHSA-2021:2575) Moderate: security update lz4-libs-debuginfo-1.8.3-3.el8_4.x86_64.rpm | Linux |
| lz4 Security Update (ALAS-2023-015) lz4-1.9.4-1.amzn2023.0.2.x86_64.rpm | Linux |
| lz4 Security Update (ALAS-2023-015) lz4-libs-1.9.4-1.amzn2023.0.2.x86_64.rpm | Linux |
| lz4 Security Update (ALAS-2023-015) lz4-devel-1.9.4-1.amzn2023.0.2.x86_64.rpm | Linux |
| lz4 Security Update (ALAS-2023-015) lz4-static-1.9.4-1.amzn2023.0.2.x86_64.rpm | Linux |
| Moderate: lz4 security update lz4-1.8.3-3.el8_4.x86_64.rpm | Linux |
| Moderate: lz4 security update lz4-devel-1.8.3-3.el8_4.i686.rpm | Linux |
| Moderate: lz4 security update lz4-devel-1.8.3-3.el8_4.x86_64.rpm | Linux |
| Moderate: lz4 security update lz4-libs-1.8.3-3.el8_4.i686.rpm | Linux |
| Moderate: lz4 security update lz4-libs-1.8.3-3.el8_4.x86_64.rpm | Linux |
| lz4 Security Update (ALAS2023-2023-015) lz4-1.9.4-1.amzn2023.0.2.x86_64.rpm | Linux |
| lz4 Security Update (ALAS2023-2023-015) lz4-devel-1.9.4-1.amzn2023.0.2.x86_64.rpm | Linux |
| lz4 Security Update (ALAS2023-2023-015) lz4-libs-1.9.4-1.amzn2023.0.2.x86_64.rpm | Linux |
| lz4 Security Update (ALAS2023-2023-015) lz4-static-1.9.4-1.amzn2023.0.2.x86_64.rpm | Linux |
| CVE-2021-3520 | NCM |
Patch Details
No records found