CVE-2014-4611
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.
Desbordamiento de enteros en la implementación del algoritmo LZ4, utilizado en Yann Collet LZ4 anterior a r118 y en la función lz4_uncompress en lib/lz4/lz4_decompress.c en el kernel de Linux anterior a 3.15.2, en plataformas de 32-bits permite a atacantes dependientes del contexto provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un 'Literal Run' manipulado que sería manejado inadecuadamente por programas que no obedecen una limitación en la API, una vulnerabilidad diferente a CVE-2014-4715
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-06-23 CVE Reserved
- 2014-07-03 CVE Published
- 2024-02-13 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (31)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-07/msg00025.html | 2023-11-07 | |
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 3.15.2 Search vendor "Linux" for product "Linux Kernel" and version " < 3.15.2" | - |
Affected
|