oss-sec mailing list archives
CVE-2014-4715 for LZ4 issue 134
From: cve-assign () mitre org
Date: Wed, 2 Jul 2014 18:29:01 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The CVE-2014-4611 assignment, from the perspective of the LZ4 product, is for issue 52 fixed in r118: https://code.google.com/p/lz4/issues/detail?id=52 https://code.google.com/p/lz4/source/detail?r=118 As mentioned in the https://code.google.com/p/lz4/issues/detail?id=52#c30 comment: "The point is that there is no documentation in the code to require a limit. This will eventually lead to people that misuse the API. So, yes, it is a vulnerable algorithm" The CVE-2014-4715 assignment, from the perspective of the LZ4 product, is for issue 134 fixed in r119: https://code.google.com/p/lz4/issues/detail?id=134 https://code.google.com/p/lz4/source/detail?r=119 - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTtIcVAAoJEKllVAevmvmsi84H/2fKtg3q1OMRQBVPfRdTezHb kk22wdGtDRGBDA8MzTOEyh1pHmwsIiy1l11FTqUe3+1tQiBZT2/ws9/KkdhmlcGd Clb9h05tHKDLDZaxy8eHeTta+bBueYGyUm50rPKb9l5Ffjcd+ij0AhF/W6GePEyj Nv/zm3K7iuTxFuOhxXXX33lhCTV7w3oDlS7+NpuOIGJoyry5+VuVNXSmBN7Pq98X j3/kaQL/bxaxaIk3VhrgBBWwLcLpZd0xph9QGeJNlZL13UPBgIn7AkGXLqFnPIgu JeSpYONJrldZZfymxyZeSbrv6OgUi0w1xV+oPmr4TNXe4jCwxPFN+SMwZoQ7h2k= =zBon -----END PGP SIGNATURE-----
Current thread:
- CVE-2014-4715 for LZ4 issue 134 cve-assign (Jul 02)