CVE-2019-17543 - Out-of-bounds Write vulnerability in LZ4 Project LZ4

CVSS 8.1 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: HIGH
  • Privileges required: NONE
  • Confidentiality impact: HIGH
  • Integrity impact: HIGH
  • Availability impact: HIGH

Tags: network, high complexity, lz4-project, CWE-787, nessus

Summary

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

Common Weakness Enumeration (CWE)

CWE-787 (Out-of-bounds Write)

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-2399.NASL
    description: This update for lz4 fixes the following issues: - CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130360
    published: 2019-10-29
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130360
    title: openSUSE Security Update : lz4 (openSUSE-2019-2399)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2630.NASL
    description: According to the version of the lz4 package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states
    last seen: 2020-05-08
    modified: 2019-12-18
    plugin id: 132165
    published: 2019-12-18
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132165
    title: EulerOS 2.0 SP3 : lz4 (EulerOS-SA-2019-2630)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2542.NASL
    description: According to the version of the lz4 package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states
    last seen: 2020-05-08
    modified: 2019-12-09
    plugin id: 131816
    published: 2019-12-09
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131816
    title: EulerOS 2.0 SP5 : lz4 (EulerOS-SA-2019-2542)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-2398.NASL
    description: This update for lz4 fixes the following issues: - CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130359
    published: 2019-10-29
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130359
    title: openSUSE Security Update : lz4 (openSUSE-2019-2398)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2020-3_0-0083_LZ4.NASL
    description: An update of the lz4 package has been released.
    last seen: 2020-05-03
    modified: 2020-04-29
    plugin id: 136094
    published: 2020-04-29
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136094
    title: Photon OS 3.0: Lz4 PHSA-2020-3.0-0083
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2291.NASL
    description: According to the version of the lz4 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states
    last seen: 2020-05-03
    modified: 2019-11-27
    plugin id: 131357
    published: 2019-11-27
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131357
    title: EulerOS 2.0 SP8 : lz4 (EulerOS-SA-2019-2291)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2360.NASL
    description: According to the version of the lz4 package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states
    last seen: 2020-05-08
    modified: 2019-12-10
    plugin id: 131852
    published: 2019-12-10
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131852
    title: EulerOS 2.0 SP2 : lz4 (EulerOS-SA-2019-2360)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1262.NASL
    description: According to the version of the lz4 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: - LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) (CVE-2019-17543) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-19
    modified: 2020-03-13
    plugin id: 134551
    published: 2020-03-13
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134551
    title: EulerOS Virtualization for ARM 64 3.0.2.0 : lz4 (EulerOS-SA-2020-1262)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2757-1.NASL
    description: This update for lz4 fixes the following issues: CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130199
    published: 2019-10-24
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130199
    title: SUSE SLED15 / SLES15 Security Update : lz4 (SUSE-SU-2019:2757-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1057.NASL
    description: According to the version of the lz4 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: - LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) (CVE-2019-17543) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132811
    published: 2020-01-13
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132811
    title: EulerOS Virtualization for ARM 64 3.0.5.0 : lz4 (EulerOS-SA-2020-1057)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2020-2_0-0235_LZ4.NASL
    description: An update of the lz4 package has been released.
    last seen: 2020-05-08
    modified: 2020-05-05
    plugin id: 136332
    published: 2020-05-05
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136332
    title: Photon OS 2.0: Lz4 PHSA-2020-2.0-0235
