oss-sec mailing list archives
LMS-2014-06-16-6: LZ4 Core
From: "Don A. Bailey" <donb () securitymouse com>
Date: Thu, 26 Jun 2014 12:58:37 -0600
Hello All, A vulnerability has been identified in the LZ4 core implementation. Please review the bug report attached inline. Best, Don A. Bailey Founder / CEO Lab Mouse Security https://www.securitymouse.com/ ############################################################################# # # Lab Mouse Security Report # LMS-2014-06-16-6 # Report ID: LMS-2014-06-16-6 CVE ID: CVE-2014-4611 Researcher Name: Don A. Bailey Researcher Organization: Lab Mouse Security Researcher Email: donb at securitymouse.com Researcher Website: www.securitymouse.com Vulnerability Status: Reported / No response Vulnerability Embargo: Broken Vulnerability Class: Integer Overflow Vulnerability Effect: Memory Corruption Vulnerability Impact: DoS, OOW, RCE Vulnerability DoS Practicality: Practical Vulnerability OOW Practicality: Practical Vulnerability RCE Practicality: Untested Vulnerability Criticality: High Vulnerability Scope: All versions of the LZ4 software:https://code.google.com/p/lz4 Functions Affected: lz4.c:LZ4_decompress_generic Criticality Reasoning --------------------- Due to the design of the algorithm, an attacker can specify any desired offset to a write pointer. The attacker can instrument the write in such a way as to only write four bytes at a specified offset. Subsequent code will allow the attacker to escape from the decompression algorithm without further memory corruption. This may allow the attacker to overwrite critical structures in memory that affect flow of execution. White DoS and OOW are obvious side effects of this flaw, RCE with respect to this flaw is untested. Vulnerability Description ------------------------- An integer overflow can occur when processing any variant of a "literal run" in the affected function. Vulnerability Resolution ------------------------ Pending.
Current thread:
- LMS-2014-06-16-6: LZ4 Core Don A. Bailey (Jun 26)
- Re: LMS-2014-06-16-6: LZ4 Core Hanno Böck (Jun 26)
- Re: LMS-2014-06-16-6: LZ4 Core Don A. Bailey (Jun 26)
- Re: LMS-2014-06-16-6: LZ4 Core Solar Designer (Jun 26)
- Re: LMS-2014-06-16-6: LZ4 Core Don A. Bailey (Jun 26)
- Re: LMS-2014-06-16-6: LZ4 Core Don A. Bailey (Jun 26)
- Re: LMS-2014-06-16-6: LZ4 Core Don A. Bailey (Jun 26)
- Re: LMS-2014-06-16-6: LZ4 Core Hanno Böck (Jun 26)