exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

CVE-2021-3520

Status Candidate

Overview

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.

Related Files

Gentoo Linux Security Advisory 202406-04
Posted Jun 24, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202406-4 - A vulnerability has been discovered in LZ4, which can lead to memory corruption. Versions greater than or equal to 1.9.3-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2021-3520
SHA-256 | 5a00e99e4ec518f24201acea96a1dcb4d6db6416194728731ef2a786a76bf4ef
Red Hat Security Advisory 2024-3527-03
Posted May 31, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3527-03 - Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal. Issues addressed include buffer overflow, denial of service, integer overflow, memory leak, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2021-3520
SHA-256 | f7976b8e170be546f0ae90244875124b0d4dbae1498c74c776b4c1380ae64a0d
Red Hat Security Advisory 2022-6407-01
Posted Sep 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6407-01 - A minor version update is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section. Issues addressed include denial of service, information leakage, integer overflow, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-27223, CVE-2020-36518, CVE-2020-9492, CVE-2021-20289, CVE-2021-22132, CVE-2021-22137, CVE-2021-2471, CVE-2021-28163, CVE-2021-28164, CVE-2021-28165, CVE-2021-3520, CVE-2021-3629, CVE-2021-37714, CVE-2021-38153
SHA-256 | cc86bb2ed063a9b8609ef6960b486d0a7bff3be7ef9e7f5716ccc3523480f3ed
Red Hat Security Advisory 2022-5606-01
Posted Jul 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5606-01 - Red Hat Integration Camel Extensions for Quarkus 2.7 is now available. Issues addressed include denial of service, information leakage, integer overflow, and privilege escalation vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-9492, CVE-2021-22132, CVE-2021-22135, CVE-2021-22137, CVE-2021-3520, CVE-2021-37714, CVE-2021-38153, CVE-2021-43859, CVE-2022-0981
SHA-256 | dc00a749e0b4c6ee427da00d44b03fca53eed4fa1eb09b83c101256de02ba0a5
Red Hat Security Advisory 2022-1345-01
Posted Apr 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1345-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.1.0 serves as a replacement for Red Hat AMQ Streams 2.0.1, and includes security and bug fixes, and enhancements. Issues addressed include HTTP request smuggling and integer overflow vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2021-3520, CVE-2021-43797
SHA-256 | ad7d0a5ea3bd59034ab1fa1bef28c21800f686847ce75f83e41e3e7a012f895f
Red Hat Security Advisory 2021-3361-01
Posted Aug 31, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3361-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a memory exhaustion vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-20271, CVE-2021-21419, CVE-2021-21623, CVE-2021-21639, CVE-2021-21640, CVE-2021-21648, CVE-2021-22543, CVE-2021-22555, CVE-2021-22918, CVE-2021-25735, CVE-2021-25737, CVE-2021-27218, CVE-2021-3114, CVE-2021-3121, CVE-2021-33195, CVE-2021-33196, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3520, CVE-2021-3537, CVE-2021-3541, CVE-2021-3609, CVE-2021-3636
SHA-256 | fa8792e889cba4980e5e69cc42c59e3108310c2072dfb34fffb0c3a8644d9099
Red Hat Security Advisory 2021-3229-01
Posted Aug 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3229-01 - Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a memory exhaustion vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-20271, CVE-2021-27218, CVE-2021-33195, CVE-2021-33196, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3520, CVE-2021-3537, CVE-2021-3541
SHA-256 | 855f8fa5e01d305ef13937df9247a604cc0ed4b9b9ccdef5d43c215066cd4f69
Red Hat Security Advisory 2021-3024-01
Posted Aug 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3024-01 - Red Hat OpenShift distributed tracing is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-20271, CVE-2021-27292, CVE-2021-33910, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3520, CVE-2021-3537, CVE-2021-3541
SHA-256 | 1c8f6df36ae49d885688d7f147871495821ee391dfed98793abf0c2fb210ca0c
Red Hat Security Advisory 2021-2575-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2575-01 - The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limits on multicore systems. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-3520
SHA-256 | 56200e1297739d51f029479c4df5d861c1dec1d8099410e52b614d7cacdcb6d9
Ubuntu Security Notice USN-4968-2
Posted May 31, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4968-2 - USN-4968-1 fixed a vulnerability in LZ4. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3520
SHA-256 | 82af8b5f2df1dbee5f397fdec283ce1312ffcfd090e73923701d2913c7d88366
Debian Security Advisory 4919-1
Posted May 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4919-1 - Jasper Lievisse Adriaanse reported an integer overflow flaw in lz4, a fast LZ compression algorithm library, resulting in memory corruption.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2021-3520
SHA-256 | 41bb61b640cc01e826c9c253f58731d34427a40e6f793f86f7d008054e749c91
Ubuntu Security Notice USN-4968-1
Posted May 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4968-1 - It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3520
SHA-256 | 836e6f2c1fadbf1f7e75b0617c9bff905779ac807e186968f98c72a2f7cf62a7
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close