[FREEBSD:D1F5E12A-FD5A-11E3-A108-080027EF73EC] LZO -- potential buffer overrun when processing malicious input data
Severity: High
Affected Packages: 2
CVEs: 1
Markus Franz Xaver Johannes Oberhumer reports, in the package's NEWS file:
> Fixed a potential integer overflow condition in the "safe"
> decompressor variants which could result in a possible buffer
> overrun when processing maliciously crafted compressed input
> data.
>
> As this issue only affects 32-bit systems and also can only happen
> if you use uncommonly huge buffer sizes where you have to decompress
> more than 16 MiB (2^24 bytes) compressed bytes within a single
> function call, the practical implications are limited.
Package | Affected Version |
---|---|
pkg:freebsd/lzo2 | < 2.07 |
pkg:freebsd/busybox | < 1.22.1_2 |
- ID: FREEBSD:D1F5E12A-FD5A-11E3-A108-080027EF73EC
- Severity: high
- Severity from: CVE-2014-4608
- URL: http://vuxml.freebsd.org/freebsd/d1f5e12a-fd5a-11e3-a108-080027ef73ec.html
- Published: 2014-06-25T00:00:00
- Modified: 2014-06-26T00:00:00
- Rights: FreeBSD VuXML Security Team
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | http://www.oberhumer.com/opensource/lzo/download/lzo-2.07.tar.gz |