CVE-2014-4608

CVSS v2.0 7.5 (High)

EPSS 1.11 % (85^th)

Affected Products 5

Advisories 20

NVD Status Modified

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is not affected; media hype.

Weaknesses

CWE-190: Integer Overflow or Wraparound

CVE Status: PUBLISHED
NVD Status: Modified
CNA: MITRE
Published Date: 2014-07-03 04:22:15
(10 years ago)
Updated Date: 2024-08-06 12:15:20
(5 weeks ago)

Affected Products

Suse

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 3.15.2 version	cpe:2.3:o:linux:linux_kernel		< 3.15.2

Configuration #2

		CPE23	From	Up To
	Opensuse 11.4	cpe:2.3:o:opensuse:opensuse:11.4
	Suse Linux Enterprise Real Time Extension 11 SP3	cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3
	Suse Linux Enterprise Server 11 SP2	cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04:::*:-
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:esm
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:esm
	Canonical Ubuntu Linux 14.10	cpe:2.3:o:canonical:ubuntu_linux:14.10

Weaknesses

Affected Products

Canonical

Linux

Opensuse

Suse

Configuration #1

Configuration #2

Configuration #3