oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2014-4715 for LZ4 issue 134

From: cve-assign () mitre org
Date: Wed, 2 Jul 2014 18:29:01 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The CVE-2014-4611 assignment, from the perspective of the LZ4 product,
is for issue 52 fixed in r118:

  https://code.google.com/p/lz4/issues/detail?id=52
  https://code.google.com/p/lz4/source/detail?r=118

As mentioned in the
https://code.google.com/p/lz4/issues/detail?id=52#c30 comment:

  "The point is that there is no documentation in the code to require
   a limit. This will eventually lead to people that misuse the API.
   So, yes, it is a vulnerable algorithm"


The CVE-2014-4715 assignment, from the perspective of the LZ4 product,
is for issue 134 fixed in r119:

  https://code.google.com/p/lz4/issues/detail?id=134
  https://code.google.com/p/lz4/source/detail?r=119

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTtIcVAAoJEKllVAevmvmsi84H/2fKtg3q1OMRQBVPfRdTezHb
kk22wdGtDRGBDA8MzTOEyh1pHmwsIiy1l11FTqUe3+1tQiBZT2/ws9/KkdhmlcGd
Clb9h05tHKDLDZaxy8eHeTta+bBueYGyUm50rPKb9l5Ffjcd+ij0AhF/W6GePEyj
Nv/zm3K7iuTxFuOhxXXX33lhCTV7w3oDlS7+NpuOIGJoyry5+VuVNXSmBN7Pq98X
j3/kaQL/bxaxaIk3VhrgBBWwLcLpZd0xph9QGeJNlZL13UPBgIn7AkGXLqFnPIgu
JeSpYONJrldZZfymxyZeSbrv6OgUi0w1xV+oPmr4TNXe4jCwxPFN+SMwZoQ7h2k=
=zBon
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: