cvelistv5 - cve-2025-62813

CVE-2025-62813 (GCVE-0-2025-62813)

Vulnerability from cvelistv5

Published

2025-10-23 00:00

Modified

2025-10-23 14:35

Severity ?

5.9 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-158 - Improper Neutralization of Null Byte or NUL Character

Summary

LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.

References

URL

Tags

	cve@mitre.org	https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82
	cve@mitre.org	https://github.com/lz4/lz4/pull/1593

Impacted products

	Vendor	Product	Version
	LZ4 project	LZ4	Version: 0 <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62813",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-23T13:22:23.284834Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-23T14:35:28.147Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "LZ4",
          "vendor": "LZ4 project",
          "versions": [
            {
              "lessThanOrEqual": "1.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:lz4_project:lz4:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.10.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-158",
              "description": "CWE-158 Improper Neutralization of Null Byte or NUL Character",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-23T03:13:57.382Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/lz4/lz4/pull/1593"
        },
        {
          "url": "https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-62813",
    "datePublished": "2025-10-23T00:00:00.000Z",
    "dateReserved": "2025-10-23T00:00:00.000Z",
    "dateUpdated": "2025-10-23T14:35:28.147Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-62813\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-10-23T04:17:26.350\",\"lastModified\":\"2025-10-27T13:20:33.350\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.4,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-158\"}]}],\"references\":[{\"url\":\"https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/lz4/lz4/pull/1593\",\"source\":\"cve@mitre.org\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-62813\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-23T13:22:23.284834Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-23T13:26:30.307Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\"}}], \"affected\": [{\"vendor\": \"LZ4 project\", \"product\": \"LZ4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.10.0\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://github.com/lz4/lz4/pull/1593\"}, {\"url\": \"https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-158\", \"description\": \"CWE-158 Improper Neutralization of Null Byte or NUL Character\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:lz4_project:lz4:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"1.10.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-10-23T03:13:57.382Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-62813\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-23T14:35:28.147Z\", \"dateReserved\": \"2025-10-23T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-10-23T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2025-62813

Vulnerability from fkie_nvd

Published

2025-10-23 04:17

Modified

2025-10-27 13:20

Severity ?

5.9 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

References

	URL	Tags
	cve@mitre.org	https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82
	cve@mitre.org	https://github.com/lz4/lz4/pull/1593

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks."
    }
  ],
  "id": "CVE-2025-62813",
  "lastModified": "2025-10-27T13:20:33.350",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 4.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-23T04:17:26.350",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/lz4/lz4/pull/1593"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-158"
        }
      ],
      "source": "cve@mitre.org",
      "type": "Primary"
    }
  ]
}

CERTFR-2025-AVI-0920

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	cbl2 mysql 8.0.43-1
Microsoft	N/A	azl3 unbound 1.19.1-4
Microsoft	N/A	azl3 mysql versions antérieures à 8.0.44-1
Microsoft	N/A	cbl2 kernel 5.15.186.1-1
Microsoft	N/A	azl3 lz4 1.9.4-1
Microsoft	N/A	azl3 squid versions antérieures à 6.13-3

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2022-49267	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-62168	2025-10-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49306	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49610	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11411	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53069	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53062	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49562	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49469	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49333	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49504	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53042	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53045	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53054	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49635	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53040	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-57888	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49552	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53053	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49420	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53044	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-62813	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-57899	2025-10-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-38564	2025-10-22	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "cbl2 mysql 8.0.43-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 unbound 1.19.1-4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 mysql versions ant\u00e9rieures \u00e0 8.0.44-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 kernel 5.15.186.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 lz4 1.9.4-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 squid versions ant\u00e9rieures \u00e0 6.13-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-62168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62168"
    },
    {
      "name": "CVE-2025-53042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
    },
    {
      "name": "CVE-2025-53062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
    },
    {
      "name": "CVE-2022-49610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49610"
    },
    {
      "name": "CVE-2022-49469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49469"
    },
    {
      "name": "CVE-2024-57888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57888"
    },
    {
      "name": "CVE-2022-49333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49333"
    },
    {
      "name": "CVE-2022-49562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49562"
    },
    {
      "name": "CVE-2022-49306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49306"
    },
    {
      "name": "CVE-2025-62813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62813"
    },
    {
      "name": "CVE-2025-53069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
    },
    {
      "name": "CVE-2025-53044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
    },
    {
      "name": "CVE-2022-49504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49504"
    },
    {
      "name": "CVE-2022-49420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49420"
    },
    {
      "name": "CVE-2022-49635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49635"
    },
    {
      "name": "CVE-2024-57899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57899"
    },
    {
      "name": "CVE-2025-53054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
    },
    {
      "name": "CVE-2024-38564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38564"
    },
    {
      "name": "CVE-2025-53040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
    },
    {
      "name": "CVE-2022-49552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49552"
    },
    {
      "name": "CVE-2025-53045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
    },
    {
      "name": "CVE-2025-53053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
    },
    {
      "name": "CVE-2022-49267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49267"
    },
    {
      "name": "CVE-2025-11411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11411"
    }
  ],
  "initial_release_date": "2025-10-24T00:00:00",
  "last_revision_date": "2025-10-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0920",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49267",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49267"
    },
    {
      "published_at": "2025-10-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62168",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62168"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49306",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49306"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49610",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49610"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11411",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11411"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53069",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53069"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53062",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53062"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49562",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49562"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49469",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49469"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49333",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49333"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49504",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49504"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53042",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53042"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53045",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53045"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53054",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53054"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49635",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49635"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53040",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53040"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-57888",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-57888"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49552",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49552"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53053",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53053"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49420",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49420"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53044",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53044"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62813",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62813"
    },
    {
      "published_at": "2025-10-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-57899",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-57899"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38564",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38564"
    }
  ]
}

ghsa-r7j2-9m2h-fq95

Vulnerability from github

Published

2025-10-23 06:31

Modified

2025-10-23 06:31

Severity ?

5.9 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-62813"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-158"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-23T04:17:26Z",
    "severity": "MODERATE"
  },
  "details": "LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.",
  "id": "GHSA-r7j2-9m2h-fq95",
  "modified": "2025-10-23T06:31:00Z",
  "published": "2025-10-23T06:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62813"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lz4/lz4/pull/1593"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-62813 (GCVE-0-2025-62813)

Vulnerability from cvelistv5

fkie_cve-2025-62813

Vulnerability from fkie_nvd

CERTFR-2025-AVI-0920

Vulnerability from certfr_avis

Solutions

ghsa-r7j2-9m2h-fq95

Vulnerability from github

Tags

Sightings

Nomenclature