admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-29 05:56:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-175xx/CVE-2019-17543.json
cad-safe-bot b47d02a333 Auto-Update: 2023-11-07T21:02:52.274489+00:00
2023-11-07 21:03:21 +00:00

191 lines
6.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-17543",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-10-14T02:15:10.873",
"lastModified": "2023-11-07T03:06:19.137",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\""
},
{
"lang": "es",
"value": "LZ4 versiones anteriores a 1.9.2, presenta un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en LZ4_write32 (relacionado con la funci\u00f3n LZ4_compress_destSize), que afecta a las aplicaciones que llaman a LZ4_compress_fast con una entrada larga. (Este problema tambi\u00e9n puede conllevar a la corrupci\u00f3n de datos). NOTA: el fabricante indica que \"solo unos pocos usos espec\u00edficos / poco comunes de la API est\u00e1n en riesgo\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lz4_project:lz4:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.2",
"matchCriteriaId": "1AD95A2B-FA31-4D45-8336-CA9F1D963D3B"
}
]
}
]
}
],
"references": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html",
"source": "cve@mitre.org"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html",
"source": "cve@mitre.org"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/lz4/lz4/issues/801",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/lz4/lz4/pull/756",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/lz4/lz4/pull/760",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17%40%3Cissues.arrow.apache.org%3E",
"source": "cve@mitre.org"
},
{
"url": "https://lists.apache.org/thread.html/543302d55e2d2da4311994e9b0debdc676bf3fd05e1a2be3407aa2d6%40%3Cissues.arrow.apache.org%3E",
"source": "cve@mitre.org"
},
{
"url": "https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357%40%3Cissues.arrow.apache.org%3E",
"source": "cve@mitre.org"
},
{
"url": "https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3%40%3Cissues.arrow.apache.org%3E",
"source": "cve@mitre.org"
},
{
"url": "https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316%40%3Cissues.arrow.apache.org%3E",
"source": "cve@mitre.org"
},
{
"url": "https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3%40%3Cdev.arrow.apache.org%3E",
"source": "cve@mitre.org"
},
{
"url": "https://lists.apache.org/thread.html/r0fb226357e7988a241b06b93bab065bcea2eb38658b382e485960e26%40%3Cissues.kudu.apache.org%3E",
"source": "cve@mitre.org"
},
{
"url": "https://lists.apache.org/thread.html/r4068ba81066792f2b4d208b39c4c4713c5d4c79bd8cb6c1904af5720%40%3Cissues.kudu.apache.org%3E",
"source": "cve@mitre.org"
},
{
"url": "https://lists.apache.org/thread.html/r7bc72200f94298bc9a0e35637f388deb53467ca4b2e2ad1ff66d8960%40%3Cissues.kudu.apache.org%3E",
"source": "cve@mitre.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210723-0001/",
"source": "cve@mitre.org"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink