Unrated severityNVD Advisory· Published Oct 14, 2019· Updated Aug 5, 2024
CVE-2019-17543
CVE-2019-17543
Description
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13- LZ4/LZ4description
- Range: <=1.9.1
- osv-coords11 versionspkg:rpm/almalinux/lz4pkg:rpm/almalinux/lz4-develpkg:rpm/almalinux/lz4-libspkg:rpm/opensuse/lz4&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/lz4&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/lz4&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/lz4-test&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/lz4-test&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 1.8.3-5.el8_10+ 10 more
- (no CPE)range: < 1.8.3-5.el8_10
- (no CPE)range: < 1.8.3-5.el8_10
- (no CPE)range: < 1.8.3-5.el8_10
- (no CPE)range: < 1.8.0-lp150.2.3.1
- (no CPE)range: < 1.8.0-lp151.3.3.1
- (no CPE)range: < 1.9.3-1.5
- (no CPE)range: < 1.8.0-lp150.2.3.1
- (no CPE)range: < 1.8.0-lp151.3.3.1
- (no CPE)range: < 1.8.0-3.5.1
- (no CPE)range: < 1.8.0-3.5.1
- (no CPE)range: < 1.8.0-3.3.1
Patches
Vulnerability mechanics
References
19- lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.htmlmitrevendor-advisoryx_refsource_SUSE
- bugs.chromium.org/p/oss-fuzz/issues/detailmitrex_refsource_MISC
- github.com/lz4/lz4/compare/v1.9.1...v1.9.2mitrex_refsource_MISC
- github.com/lz4/lz4/issues/801mitrex_refsource_MISC
- github.com/lz4/lz4/pull/756mitrex_refsource_MISC
- github.com/lz4/lz4/pull/760mitrex_refsource_MISC
- lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17%40%3Cissues.arrow.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/543302d55e2d2da4311994e9b0debdc676bf3fd05e1a2be3407aa2d6%40%3Cissues.arrow.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357%40%3Cissues.arrow.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3%40%3Cissues.arrow.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316%40%3Cissues.arrow.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3%40%3Cdev.arrow.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r0fb226357e7988a241b06b93bab065bcea2eb38658b382e485960e26%40%3Cissues.kudu.apache.org%3Emitrex_refsource_MISC
- lists.apache.org/thread.html/r4068ba81066792f2b4d208b39c4c4713c5d4c79bd8cb6c1904af5720%40%3Cissues.kudu.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r7bc72200f94298bc9a0e35637f388deb53467ca4b2e2ad1ff66d8960%40%3Cissues.kudu.apache.org%3Emitremailing-listx_refsource_MLIST
- security.netapp.com/advisory/ntap-20210723-0001/mitrex_refsource_CONFIRM
- www.oracle.com//security-alerts/cpujul2021.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpuoct2020.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.