[FREEBSD:D1F5E12A-FD5A-11E3-A108-080027EF73EC] LZO -- potential buffer overrun when processing malicious input data
Severity
High
Affected Packages
2
CVEs
1
Markus Franz Xaver Johannes Oberhumer reports, in the package's NEWS file:
Fixed a potential integer overflow condition in the "safe"
decompressor variants which could result in a possible buffer
overrun when processing maliciously crafted compressed input
data.
As this issue only affects 32-bit systems and also can only happen
if you use uncommonly huge buffer sizes where you have to decompress
more than 16 MiB (2^24 bytes) compressed bytes within a single
function call, the practical implications are limited.
| Package | Affected Version |
|---|---|
 pkg:freebsd/lzo2
|
< 2.07 |
|
pkg:freebsd/busybox
|
< 1.22.1_2 |
- ID
- FREEBSD:D1F5E12A-FD5A-11E3-A108-080027EF73EC
- Severity
- high
- Severity from
- CVE-2014-4608
- URL
- http://vuxml.freebsd.org/freebsd/d1f5e12a-fd5a-11e3-a108-080027ef73ec.html
- Published
-
2014-06-25T00:00:00
(10 years ago) - Modified
-
2014-06-26T00:00:00
(10 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
ALAS-2014-368
ELSA-2014-1392
FEDORA-2014-7863
RHSA-2014:1392
SUSE-SU-2015:0481-1
USN-2286-1| Source | # ID | Name | URL |
|---|---|---|---|
| FreeBSD VuXML |
|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |