Vulnerability CVE-2014-4611: Information

Description

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.

Severity: MEDIUM (5.0)

Published: July 3, 2014
Modified: Nov. 7, 2023
Error type identifier: CWE-20

Fixed packages

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html
  • Third Party Advisory
[oss-security] 20140626 LMS-2014-06-16-5: Linux Kernel LZ4
  • Mailing List
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1112436
  • Issue Tracking
  • Third Party Advisory
https://github.com/torvalds/linux/commit/206204a1162b995e2185275167b22468c00d6b36
  • Third Party Advisory
http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
  • Third Party Advisory
https://code.google.com/p/lz4/source/detail?r=118
  • Third Party Advisory
https://code.google.com/p/lz4/issues/detail?id=52
  • Third Party Advisory
https://www.securitymouse.com/lms-2014-06-16-5
  • Broken Link
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
  • Vendor Advisory
https://www.securitymouse.com/lms-2014-06-16-6
  • Broken Link
http://twitter.com/djrbliss/statuses/484931749013495809
  • Third Party Advisory
http://twitter.com/djrbliss/statuses/485042901399789568
  • Third Party Advisory
1030491
  • Third Party Advisory
  • VDB Entry
59770
  • Third Party Advisory
60238
  • Third Party Advisory
59567
  • Third Party Advisory
openSUSE-SU-2014:0924
  • Mailing List
  • Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206204a1162b995e2185275167b22468c00d6b36
[hadoop-common-issues] 20210916 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
[hadoop-common-dev] 20210916 [jira] [Created] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
[hadoop-common-issues] 20210916 [jira] [Created] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
[hadoop-common-issues] 20210920 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
[hadoop-common-issues] 20210920 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
[hadoop-common-issues] 20210921 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
[hadoop-common-issues] 20210921 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
[hadoop-common-issues] 20210921 [jira] [Comment Edited] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
[hadoop-common-commits] 20210924 [hadoop] branch branch-3.2.3 updated: HADOOP-17917. Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611. Contributed by Brahma Reddy Battula.
[hadoop-common-issues] 20210924 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611
[hadoop-common-commits] 20210924 [hadoop] branch branch-3.2 updated: HADOOP-17917. Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611. Contributed by Brahma Reddy Battula.
[hadoop-common-issues] 20210924 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611
[hadoop-common-issues] 20210928 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611
Affected configurations

Configuration 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • End excluding: 3.15.2