{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4608", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says \"the Linux kernel is *not* affected; media hype.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.securitymouse.com/lms-2014-06-16-2", "refsource": "MISC", "url": "https://www.securitymouse.com/lms-2014-06-16-2" }, { "name": "SUSE-SU-2015:0736", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html" }, { "name": "USN-2418-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2418-1" }, { "name": "RHSA-2015:0062", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html" }, { "name": "https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1113899", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113899" }, { "name": "USN-2416-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2416-1" }, { "name": "USN-2417-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2417-1" }, { "name": "68214", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68214" }, { "name": "USN-2419-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2419-1" }, { "name": "[oss-security] 20140626 LMS-2014-06-16-2: Linux Kernel LZO", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/06/26/21" }, { "name": "SUSE-SU-2015:0481", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" }, { "name": "http://www.oberhumer.com/opensource/lzo/", "refsource": "MISC", "url": "http://www.oberhumer.com/opensource/lzo/" }, { "name": "openSUSE-SU-2015:0566", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" }, { "name": "60174", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60174" }, { "name": "USN-2421-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2421-1" }, { "name": "USN-2420-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2420-1" }, { "name": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "refsource": "MISC", "url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html" }, { "name": "62633", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62633" }, { "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2" }, { "name": "60011", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60011" }, { "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=206a81c18401c0cde6e579164f752c4b147324ce", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=206a81c18401c0cde6e579164f752c4b147324ce" } ] } }