CVE-2019-17543
Summary
| CVE | CVE-2019-17543 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-10-14 02:15:00 UTC |
| Updated | 2023-11-07 03:06:00 UTC |
| Description | LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk." |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Lz4 Project | Lz4 | All | All | All | All |
| Application | Lz4 Project | Lz4 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| July 2021 MySQL Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| [LZ4_compress_destSize] Fix off-by-one error in fix by terrelln · Pull Request #760 · lz4/lz4 · GitHub | MISC | github.com | Patch, Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| Question concerning CVE-2019-17543 · Issue #801 · lz4/lz4 · GitHub | MISC | github.com | Third Party Advisory |
| Pony Mail! | MISC | lists.apache.org | |
| [security-announce] openSUSE-SU-2019:2398-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| [LZ4_compress_destSize] Fix rare data corruption bug by terrelln · Pull Request #756 · lz4/lz4 · GitHub | MISC | github.com | Patch, Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| 15941 - oss-fuzz - OSS-Fuzz: Fuzzing the planet - Monorail | MISC | bugs.chromium.org | Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| Oracle Critical Patch Update Advisory - October 2020 | MISC | www.oracle.com | |
| Oracle Critical Patch Update Advisory - July 2021 | N/A | www.oracle.com | |
| Pony Mail! | MLIST | lists.apache.org | |
| [security-announce] openSUSE-SU-2019:2399-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Comparing v1.9.1...v1.9.2 · lz4/lz4 · GitHub | MISC | github.com | Third Party Advisory |
| Pony Mail! | lists.apache.org | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 20225 Oracle MySQL July 2021 Critical Patch Update (CPU July 2021)
- 20288 Oracle Database 19c Critical OJVM Patch Update - October 2020
- 500372 Alpine Linux Security Update for lz4
- 504130 Alpine Linux Security Update for lz4
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 671056 EulerOS Security Update for lz4 (EulerOS-SA-2019-2291)
- 690068 Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (38a4a043-e937-11eb-9b84-d4c9ef517024)
- 750011 SUSE Enterprise Linux Security Update for lz4 (SUSE-SU-2021:1613-1)