Уязвимость CVE-2019-17543: Информация

Описание

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

Важность: HIGH (8,1) Вектор: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-17543

Опубликовано: 14 октября 2019 г.

Изменено: 7 ноября 2023 г.

Идентификатор типа ошибки: CWE-787

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
MySQL	sisyphus	8.0.26-alt1	8.0.36-alt1	ALT-PU-2021-2461-1	281108	Исправлено
MySQL	sisyphus_riscv64	8.0.27-alt1.0.rv64	8.0.30-alt0.2.rv64	ALT-PU-2021-4503-1	-	Исправлено
MySQL	p10	8.0.26-alt1	8.0.36-alt1	ALT-PU-2021-2477-1	282098	Исправлено
MySQL	p9	8.0.26-alt1	8.0.26-alt2	ALT-PU-2021-2571-1	282101	Исправлено
MySQL	c10f1	8.0.26-alt1	8.0.36-alt1	ALT-PU-2021-2477-1	282098	Исправлено
MySQL	c9f2	8.0.26-alt2	8.0.36-alt0.c9.1	ALT-PU-2021-3668-1	291746	Исправлено
lz4	sisyphus	1.9.2-alt1	1.9.4-alt1	ALT-PU-2019-2817-1	238585	Исправлено
lz4	p10	1.9.2-alt1	1.9.3-alt1	ALT-PU-2019-2817-1	238585	Исправлено
lz4	p9	1.9.2-alt1	1.9.2-alt1	ALT-PU-2019-2830-1	238696	Исправлено
lz4	c10f1	1.9.2-alt1	1.9.3-alt1	ALT-PU-2019-2817-1	238585	Исправлено
lz4	c9f2	1.9.2-alt1	1.9.2-alt1	ALT-PU-2019-2830-1	238696	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
https://github.com/lz4/lz4/pull/756	Patch Third Party Advisory
https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2	Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941	Third Party Advisory
https://github.com/lz4/lz4/pull/760	Patch Third Party Advisory
https://github.com/lz4/lz4/issues/801	Third Party Advisory
openSUSE-SU-2019:2399
openSUSE-SU-2019:2398
https://www.oracle.com/security-alerts/cpuoct2020.html
N/A
https://security.netapp.com/advisory/ntap-20210723-0001/
[arrow-issues] 20191024 [jira] [Created] (ARROW-6984) Update LZ4 to 1.9.2 for CVE-2019-17543
[arrow-dev] 20191024 [jira] [Created] (ARROW-6984) Update LZ4 to 1.9.2 for CVE-2019-17543
[arrow-issues] 20191024 [jira] [Updated] (ARROW-6984) [C++] Update LZ4 to 1.9.2 for CVE-2019-17543
[arrow-issues] 20191024 [jira] [Assigned] (ARROW-6984) [C++] Update LZ4 to 1.9.2 for CVE-2019-17543
[arrow-issues] 20191025 [jira] [Commented] (ARROW-6984) [C++] Update LZ4 to 1.9.2 for CVE-2019-17543
[arrow-issues] 20191106 [jira] [Resolved] (ARROW-6984) [C++] Update LZ4 to 1.9.2 for CVE-2019-17543
[kudu-issues] 20200621 [jira] [Updated] (KUDU-3156) Whether the CVE-2019-17543 vulnerability of lz affects kudu
[kudu-issues] 20200709 [jira] [Resolved] (KUDU-3156) Whether the CVE-2019-17543 vulnerability of lz affects kudu
https://lists.apache.org/thread.html/r0fb226357e7988a241b06b93bab065bcea2eb38658b382e485960e26%40%3Cissues.kudu.apache.org%3E

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:a:lz4_project:lz4:*:*:*:*:*:*:*:*
  End excliding
  1.9.2

Версия: v24.4.2

Наверх

Уязвимость CVE-2019-17543: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1