exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

CVE-2021-3520

Status Candidate

Overview

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.

Related Files

Gentoo Linux Security Advisory 202406-04
Posted Jun 24, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202406-4 - A vulnerability has been discovered in LZ4, which can lead to memory corruption. Versions greater than or equal to 1.9.3-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2021-3520
SHA-256 | 5a00e99e4ec518f24201acea96a1dcb4d6db6416194728731ef2a786a76bf4ef
Red Hat Security Advisory 2024-3527-03
Posted May 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3527-03 - Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal. Issues addressed include buffer overflow, denial of service, integer overflow, memory leak, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2021-3520
SHA-256 | f7976b8e170be546f0ae90244875124b0d4dbae1498c74c776b4c1380ae64a0d
Red Hat Security Advisory 2022-6407-01
Posted Sep 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6407-01 - A minor version update is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section. Issues addressed include denial of service, information leakage, integer overflow, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-27223, CVE-2020-36518, CVE-2020-9492, CVE-2021-20289, CVE-2021-22132, CVE-2021-22137, CVE-2021-2471, CVE-2021-28163, CVE-2021-28164, CVE-2021-28165, CVE-2021-3520, CVE-2021-3629, CVE-2021-37714, CVE-2021-38153
SHA-256 | cc86bb2ed063a9b8609ef6960b486d0a7bff3be7ef9e7f5716ccc3523480f3ed
Red Hat Security Advisory 2022-5606-01
Posted Jul 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5606-01 - Red Hat Integration Camel Extensions for Quarkus 2.7 is now available. Issues addressed include denial of service, information leakage, integer overflow, and privilege escalation vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-9492, CVE-2021-22132, CVE-2021-22135, CVE-2021-22137, CVE-2021-3520, CVE-2021-37714, CVE-2021-38153, CVE-2021-43859, CVE-2022-0981
SHA-256 | dc00a749e0b4c6ee427da00d44b03fca53eed4fa1eb09b83c101256de02ba0a5
Red Hat Security Advisory 2022-1345-01
Posted Apr 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1345-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.1.0 serves as a replacement for Red Hat AMQ Streams 2.0.1, and includes security and bug fixes, and enhancements. Issues addressed include HTTP request smuggling and integer overflow vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2021-3520, CVE-2021-43797
SHA-256 | ad7d0a5ea3bd59034ab1fa1bef28c21800f686847ce75f83e41e3e7a012f895f
Red Hat Security Advisory 2021-3361-01
Posted Aug 31, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3361-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a memory exhaustion vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-20271, CVE-2021-21419, CVE-2021-21623, CVE-2021-21639, CVE-2021-21640, CVE-2021-21648, CVE-2021-22543, CVE-2021-22555, CVE-2021-22918, CVE-2021-25735, CVE-2021-25737, CVE-2021-27218, CVE-2021-3114, CVE-2021-3121, CVE-2021-33195, CVE-2021-33196, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3520, CVE-2021-3537, CVE-2021-3541, CVE-2021-3609, CVE-2021-3636
SHA-256 | fa8792e889cba4980e5e69cc42c59e3108310c2072dfb34fffb0c3a8644d9099
Red Hat Security Advisory 2021-3229-01
Posted Aug 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3229-01 - Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a memory exhaustion vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-20271, CVE-2021-27218, CVE-2021-33195, CVE-2021-33196, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3520, CVE-2021-3537, CVE-2021-3541
SHA-256 | 855f8fa5e01d305ef13937df9247a604cc0ed4b9b9ccdef5d43c215066cd4f69
Red Hat Security Advisory 2021-3024-01
Posted Aug 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3024-01 - Red Hat OpenShift distributed tracing is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-20271, CVE-2021-27292, CVE-2021-33910, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3520, CVE-2021-3537, CVE-2021-3541
SHA-256 | 1c8f6df36ae49d885688d7f147871495821ee391dfed98793abf0c2fb210ca0c
Red Hat Security Advisory 2021-2575-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2575-01 - The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limits on multicore systems. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-3520
SHA-256 | 56200e1297739d51f029479c4df5d861c1dec1d8099410e52b614d7cacdcb6d9
Ubuntu Security Notice USN-4968-2
Posted May 31, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4968-2 - USN-4968-1 fixed a vulnerability in LZ4. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3520
SHA-256 | 82af8b5f2df1dbee5f397fdec283ce1312ffcfd090e73923701d2913c7d88366
Debian Security Advisory 4919-1
Posted May 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4919-1 - Jasper Lievisse Adriaanse reported an integer overflow flaw in lz4, a fast LZ compression algorithm library, resulting in memory corruption.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2021-3520
SHA-256 | 41bb61b640cc01e826c9c253f58731d34427a40e6f793f86f7d008054e749c91
Ubuntu Security Notice USN-4968-1
Posted May 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4968-1 - It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3520
SHA-256 | 836e6f2c1fadbf1f7e75b0617c9bff905779ac807e186968f98c72a2f7cf62a7
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close