CVE-2021-3520
02.06.2021, 13:15
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to a call to memmove() with a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
| Vendor | Product | Version |
|---|---|---|
| lz4_project | lz4 | 1.8.3 ≤ 𝑥 < 1.9.4 |
| netapp | active_iq_unified_manager | - |
| netapp | cloud_backup | - |
| netapp | ontap_select_deploy_administration_utility | - |
| oracle | communications_cloud_native_core_policy | 1.14.0 |
| oracle | zfs_storage_appliance_kit | 8.8 |
| splunk | universal_forwarder | 8.2.0 ≤ 𝑥 < 8.2.12 |
| splunk | universal_forwarder | 9.0.0 ≤ 𝑥 < 9.0.6 |
| splunk | universal_forwarder | 9.1.0 |
𝑥 = Vulnerable software versions