gsd-2021-3520
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
Aliases
Aliases
{ GSD: { alias: "CVE-2021-3520", description: "There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.", id: "GSD-2021-3520", references: [ "https://www.suse.com/security/cve/CVE-2021-3520.html", "https://www.debian.org/security/2021/dsa-4919", "https://access.redhat.com/errata/RHBA-2021:2854", "https://access.redhat.com/errata/RHSA-2021:2575", "https://ubuntu.com/security/CVE-2021-3520", "https://advisories.mageia.org/CVE-2021-3520.html", "https://security.archlinux.org/CVE-2021-3520", "https://access.redhat.com/errata/RHSA-2022:1345", "https://linux.oracle.com/cve/CVE-2021-3520.html", "https://access.redhat.com/errata/RHSA-2022:5606", "https://access.redhat.com/errata/RHSA-2022:6407", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2021-3520", ], details: "There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.", id: "GSD-2021-3520", modified: "2023-12-13T01:23:34.310135Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-3520", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "lz4", version: { version_data: [ { version_affected: "=", version_value: "lz4-1.8.3", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.", }, ], }, problemtype: { problemtype_data: [ { description: [ { cweId: "CWE-190", lang: "eng", value: "CWE-190->CWE-787", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1954559", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954559", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20211104-0005/", refsource: "MISC", url: "https://security.netapp.com/advisory/ntap-20211104-0005/", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "=1.8.3", affected_versions: "Version 1.8.3", cvss_v2: "AV:N/AC:L/Au:N/C:P/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", cwe_ids: [ "CWE-1035", "CWE-787", "CWE-937", ], date: "2023-02-12", description: "There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.", fixed_versions: [ "1.9.2", ], identifier: "CVE-2021-3520", identifiers: [ "CVE-2021-3520", ], not_impacted: "All versions before 1.8.3, all versions after 1.8.3", package_slug: "conan/lz4", pubdate: "2021-06-02", solution: "Upgrade to version 1.9.2 or above.", title: "Out-of-bounds Write", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2021-3520", "https://bugzilla.redhat.com/show_bug.cgi?id=1954559", ], uuid: "3005e8d4-700a-45ca-993e-7d38d5b7d5dd", }, ], }, "nvd.nist.gov": { cve: { configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:lz4_project:lz4:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "1F8B5004-1983-4375-B06F-932B4E4ACABD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "4479F76A-4B67-41CC-98C7-C76B81050F8E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", matchCriteriaId: "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.", }, { lang: "es", value: "Se presenta un fallo en lz4. Un atacante que envíe un archivo diseñado hacia una aplicación enlazada con lz4 puede ser capaz de desencadenar un desbordamiento de enteros, conllevando una llamada de la función memmove() con un argumento de tamaño negativo, causando una escritura fuera de límites y/o un bloqueo. El mayor impacto de este fallo es en la disponibilidad, con algún impacto potencial en la confidencialidad e integridad también", }, ], id: "CVE-2021-3520", lastModified: "2024-03-27T16:12:07.343", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-02T13:15:13.170", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954559", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211104-0005/", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-190", }, { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }, }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.