REDHAT-BUG-1112436: Integer Overflow
First published: Tue Jun 24 2014(Updated: )
Don A. Bailey of Lab Mouse Security reported an integer overflow issue in various implementations of LZO (Lempel–Ziv–Oberhumer) and LZ4 compression algorithms. The issue is in the handling of "literal runs" during decompression, and can lead to application crash and, possibly, code execution. This bug is for LZ4 and LZ4 copy embedded in the Linux kernel (as of version 3.11). This issue can not be triggered on 64bit systems today, as it would require input of the size that is beyond capabilities of modern computers. On 32bit systems, this can only affect applications using sufficiently large decompression blocks (16mb+).
| Affected Software | Affected Version | How to fix |
|---|---|---|
| LZ4 | >=3.11 | |
| Linux kernel | >=3.11 | |
| LZO |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1113869
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1113870
- http://seclists.org/oss-sec/2014/q2/669
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1113884
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=206204a1162b995e2185275167b22468c00d6b36
- http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
- http://blog.securitymouse.com/2014/06/understanding-lz4-memory-corruption.html
- https://www.securitymouse.com/lms-2014-06-16-6
- https://www.securitymouse.com/lms-2014-06-16-5
- http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html
- http://fastcompression.blogspot.fr/2014/06/lets-move-on.html
- https://code.google.com/p/lz4/issues/detail?id=52
- https://github.com/Cyan4973/lz4/commit/da5373197e84ee49d75b8334d4510689731d6e90
- https://code.google.com/p/lz4/source/detail?r=118
- https://github.com/Cyan4973/lz4/commit/26b82f35#diff-0
- https://bugzilla.redhat.com/show_bug.cgi?id=1112436
Frequently Asked Questions
What is the severity of REDHAT-BUG-1112436?
The severity of REDHAT-BUG-1112436 is high due to potential application crashes and code execution risks.
How do I fix REDHAT-BUG-1112436?
Fixing REDHAT-BUG-1112436 typically involves updating to the patched versions of the affected LZO and LZ4 libraries.
What software is affected by REDHAT-BUG-1112436?
The affected software includes various implementations of the LZO and LZ4 compression algorithms, particularly versions of LZ4 from 3.11 onwards.
What type of vulnerability is REDHAT-BUG-1112436?
REDHAT-BUG-1112436 is an integer overflow vulnerability that occurs during the decompression process of specific compression algorithms.
What are the potential impacts of REDHAT-BUG-1112436?
The potential impacts of REDHAT-BUG-1112436 include application crashes and the possibility of arbitrary code execution.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-4611
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/lz4
- canonical/lz4
- vendor/linux
- canonical/linux kernel
- vendor/lzo
- canonical/lzo