CVE-2014-4611medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.
References
http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html
http://www.openwall.com/lists/oss-security/2014/06/26/24
https://bugzilla.redhat.com/show_bug.cgi?id=1112436
https://github.com/torvalds/linux/commit/206204a1162b995e2185275167b22468c00d6b36
http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
https://code.google.com/p/lz4/source/detail?r=118
https://code.google.com/p/lz4/issues/detail?id=52
https://www.securitymouse.com/lms-2014-06-16-5
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
https://www.securitymouse.com/lms-2014-06-16-6
http://twitter.com/djrbliss/statuses/484931749013495809
http://twitter.com/djrbliss/statuses/485042901399789568
http://www.securitytracker.com/id/1030491
http://secunia.com/advisories/59770
http://secunia.com/advisories/60238
http://secunia.com/advisories/59567
http://lists.opensuse.org/opensuse-updates/2014-07/msg00025.html
https://lists.apache.org/thread.html/[email protected]%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommon-issues.hadoop.apache.org%3E
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124989 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1536) | Nessus | Huawei Local Security Checks | high |
| 80152 | openSUSE Security Update : the Linux Kernel (openSUSE-SU-2014:1677-1) | Nessus | SuSE Local Security Checks | high |
| 76851 | Fedora 19 : kernel-3.14.13-100.fc19 (2014-8487) | Nessus | Fedora Local Security Checks | medium |
| 76726 | openSUSE Security Update : eet (openSUSE-SU-2014:0924-1) | Nessus | SuSE Local Security Checks | medium |
| 76569 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2290-1) | Nessus | Ubuntu Local Security Checks | high |
| 76568 | Ubuntu 13.10 : linux vulnerabilities (USN-2289-1) | Nessus | Ubuntu Local Security Checks | high |
| 76567 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2288-1) | Nessus | Ubuntu Local Security Checks | high |
| 76566 | Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2287-1) | Nessus | Ubuntu Local Security Checks | high |
| 76329 | Fedora 20 : kernel-3.14.9-200.fc20 (2014-7863) | Nessus | Fedora Local Security Checks | medium |