LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.
References
| Link | Resource |
|---|---|
| https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898 | Patch, Third Party Advisory |
| https://github.com/cloudflare/golz4/issues/5 | Issue Tracking, Patch, Third Party Advisory |
| https://pkg.go.dev/vuln/GO-2020-0022 | Patch, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Go
Published: 2022-12-27T21:13:06.589Z
Updated: 2023-06-12T19:03:26.399Z
Reserved: 2022-07-29T16:08:15.703Z
Link: CVE-2014-125026
NVD Information
Status: Analyzed
Published: 2022-12-27T22:15:10.883
Modified: 2023-01-06T15:24:30.237
Link: CVE-2014-125026
Redhat Information
No data.
CWE