Vulnerabilities > CVE-2021-3520

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

NVD

Published: 2021-06-02

Updated: 2024-11-21

Summary

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.

Vulnerable Configurations

Part	Description	Count
Application	Lz4_Project LZ4 Project LZ4 1.8.3 LZ4 Project LZ4 1.9.0 LZ4 Project LZ4 1.9.1 LZ4 Project LZ4 1.9.2	4
Application	Netapp Netapp Cloud Backup - Netapp Ontap Select Deploy Administration Utility - Netapp Active IQ Unified Manager -	3
Application	Oracle Oracle ZFS Storage Appliance KIT 8.8 Oracle Communications Cloud Native Core Policy 1.14.0	2
Application	Splunk Splunk Universal Forwarder 9.1.0 Splunk Universal Forwarder 9.0.0 Splunk Universal Forwarder 9.0.1 Splunk Universal Forwarder 9.0.2 Splunk Universal Forwarder 9.0.3 Splunk Universal Forwarder 9.0.4 Splunk Universal Forwarder 9.0.5 Splunk Universal Forwarder 8.2.0 Splunk Universal Forwarder 8.2.6 Splunk Universal Forwarder 8.2.7 Splunk Universal Forwarder 8.2.8 Splunk Universal Forwarder 8.2.9 Splunk Universal Forwarder 8.2.10 Splunk Universal Forwarder 8.2.11	14

Vulnerabilities > CVE-2021-3520 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-3520"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-3520