** Description changed: - All versions of the LZ4 software:https://code.google.com/p/lz4 Functions - Affected: lz4.c:LZ4_decompress_generic Criticality Reasoning - --------------------- Due to the design of the algorithm, an attacker - can specify any desired offset to a write pointer. The attacker can - instrument the write in such a way as to only write four bytes at a - specified offset. Subsequent code will allow the attacker to escape from - the decompression algorithm without further memory corruption. This may - allow the attacker to overwrite critical structures in memory that - affect flow of execution. White DoS and OOW are obvious side effects of - this flaw, RCE with respect to this flaw is untested. Vulnerability - Description ------------------------- An integer overflow can occur when - processing any variant of a "literal run" in the affected function. + Integer overflow in the LZ4 algorithm implementation, as used in Yann + Collet LZ4 before r118 and in the lz4_uncompress function in + lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit + platforms might allow context-dependent attackers to cause a denial of + service (memory corruption) or possibly have unspecified other impact + via a crafted Literal Run that would be improperly handled by programs + not complying with an API limitation, a different vulnerability than + CVE-2014-4715. Break-Fix: cffb78b0e0b3a30b059b27a1d97500cf6464efa9 206204a1162b995e2185275167b22468c00d6b36
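Review bot: the added description says the crafted Literal Run is mishandled "by programs not complying with an API limitation" but never states what that limitation is, so a reader cannot tell from this text whether a given caller is exposed. Name the limitation or link to where it is documented. The removed text also identified the upstream function as lz4.c:LZ4_decompress_generic and explained that the attacker controls the offset of a four-byte write, while the new text names only lz4_uncompress in lib/lz4/lz4_decompress.c for the kernel. Consider keeping the upstream function name and that impact sentence alongside the CVE wording.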
https://bugs.launchpad.net/bugs/1335314
Title: CVE-2014-4611
