CVE-2014-4611

{"id": "CVE-2014-4611", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-07-03T04:22:15.623", "references": [{"url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206204a1162b995e2185275167b22468c00d6b36", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00025.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/59567", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/59770", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/60238", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://twitter.com/djrbliss/statuses/484931749013495809", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://twitter.com/djrbliss/statuses/485042901399789568", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2014/06/26/24", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1030491", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112436", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://code.google.com/p/lz4/issues/detail?id=52", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://code.google.com/p/lz4/source/detail?r=118", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/torvalds/linux/commit/206204a1162b995e2185275167b22468c00d6b36", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/r0038b5836e3bc91af3ff93721c0fc55d6543afab8cec47df7361fa0e%40%3Ccommon-dev.hadoop.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/r0addc410fdd680330054deb526323edb29e869e8d1097593f538e208%40%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/r229456b1fa718e329232bd7ceca4bd3e81ac55f2ec4db7314f1d7fcb%40%3Ccommon-commits.hadoop.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/r31eb601a8415525fa4a77b2f624c09be3550599898468ab96d508f90%40%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/r35b9f26c8ad91094d37bea0256012aeb065e32ff73dda5f934fefeb3%40%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/r5c9b4826bbd8933e4688db62f6ed9008cabb8f26bcea84d4e309caf7%40%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/r62f398f40f522cf59cfd89428835d4ca633a9764d82e4b7a12c37add%40%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/r6794c8ff8f339d95a80415b0afbe71d5eda1b97bdaca19bec78d0f8f%40%3Ccommon-commits.hadoop.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/r6c998e1a47c1c3fba61a80d0dcc4b39c7fc452400c7051f685b76c0b%40%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/r8e0111cd64a455b0a33ab12a50fba724a0218f283c759f16da8864c2%40%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/ra72a62803eeabb6a8dc65032ca81b13ab75c271e4dff2df27c2915bb%40%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/rb301598bf24ecb6f4ce405c2a2ae23905fc4dce64277c020fc3883e5%40%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/rf4cb13d6ee891dfe2307389c8c6594a0cb10d9efb72be8bd2f97cb76%40%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://www.securitymouse.com/lms-2014-06-16-5", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://www.securitymouse.com/lms-2014-06-16-6", "tags": ["Broken Link"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715."}, {"lang": "es", "value": "Desbordamiento de enteros en la implementaci\u00f3n del algoritmo LZ4, utilizado en Yann Collet LZ4 anterior a r118 y en la funci\u00f3n lz4_uncompress en lib/lz4/lz4_decompress.c en el kernel de Linux anterior a 3.15.2, en plataformas de 32-bits permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente tener otro impacto no especificado a trav\u00e9s de un 'Literal Run' manipulado que ser\u00eda manejado inadecuadamente por programas que no obedecen una limitaci\u00f3n en la API, una vulnerabilidad diferente a CVE-2014-4715"}], "lastModified": "2023-11-07T02:20:35.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "588069C4-9D69-48F6-913F-2FEB3E643870", "versionEndExcluding": "3.15.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}