ByteOS Network

CVE Vulnerability Details :

CVE-2014-4608

PUBLISHED

More Info Official Page

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-03 Jul, 2014 | 01:00

Updated At-27 Jan, 2025 | 21:07

▼CVE Numbering Authority (CNA)

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://www.securitymouse.com/lms-2014-06-16-2	x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html	vendor-advisory x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2418-1	vendor-advisory x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2015-0062.html	vendor-advisory x_refsource_REDHAT
https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce	x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1113899	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2416-1	vendor-advisory x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2417-1	vendor-advisory x_refsource_UBUNTU
http://www.securityfocus.com/bid/68214	vdb-entry x_refsource_BID
http://www.ubuntu.com/usn/USN-2419-1	vendor-advisory x_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2014/06/26/21	mailing-list x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html	vendor-advisory x_refsource_SUSE
http://www.oberhumer.com/opensource/lzo/	x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html	vendor-advisory x_refsource_SUSE
http://secunia.com/advisories/60174	third-party-advisory x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-2421-1	vendor-advisory x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2420-1	vendor-advisory x_refsource_UBUNTU
http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html	x_refsource_MISC
http://secunia.com/advisories/62633	third-party-advisory x_refsource_SECUNIA
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2	x_refsource_CONFIRM
http://secunia.com/advisories/60011	third-party-advisory x_refsource_SECUNIA
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce	x_refsource_CONFIRM

Hyperlink: https://www.securitymouse.com/lms-2014-06-16-2

Resource:

x_refsource_MISC

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://www.ubuntu.com/usn/USN-2418-1

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0062.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce

Resource:

x_refsource_CONFIRM

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1113899

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.ubuntu.com/usn/USN-2416-1

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://www.ubuntu.com/usn/USN-2417-1

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://www.securityfocus.com/bid/68214

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.ubuntu.com/usn/USN-2419-1

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://www.openwall.com/lists/oss-security/2014/06/26/21

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://www.oberhumer.com/opensource/lzo/

Resource:

x_refsource_MISC

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://secunia.com/advisories/60174

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.ubuntu.com/usn/USN-2421-1

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://www.ubuntu.com/usn/USN-2420-1

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html

Resource:

x_refsource_MISC

Hyperlink: http://secunia.com/advisories/62633

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2

Resource:

x_refsource_CONFIRM

Hyperlink: http://secunia.com/advisories/60011

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.securitymouse.com/lms-2014-06-16-2	x_refsource_MISC x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html	vendor-advisory x_refsource_SUSE x_transferred
http://www.ubuntu.com/usn/USN-2418-1	vendor-advisory x_refsource_UBUNTU x_transferred
http://rhn.redhat.com/errata/RHSA-2015-0062.html	vendor-advisory x_refsource_REDHAT x_transferred
https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce	x_refsource_CONFIRM x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=1113899	x_refsource_CONFIRM x_transferred
http://www.ubuntu.com/usn/USN-2416-1	vendor-advisory x_refsource_UBUNTU x_transferred
http://www.ubuntu.com/usn/USN-2417-1	vendor-advisory x_refsource_UBUNTU x_transferred
http://www.securityfocus.com/bid/68214	vdb-entry x_refsource_BID x_transferred
http://www.ubuntu.com/usn/USN-2419-1	vendor-advisory x_refsource_UBUNTU x_transferred
http://www.openwall.com/lists/oss-security/2014/06/26/21	mailing-list x_refsource_MLIST x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html	vendor-advisory x_refsource_SUSE x_transferred
http://www.oberhumer.com/opensource/lzo/	x_refsource_MISC x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html	vendor-advisory x_refsource_SUSE x_transferred
http://secunia.com/advisories/60174	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.ubuntu.com/usn/USN-2421-1	vendor-advisory x_refsource_UBUNTU x_transferred
http://www.ubuntu.com/usn/USN-2420-1	vendor-advisory x_refsource_UBUNTU x_transferred
http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html	x_refsource_MISC x_transferred
http://secunia.com/advisories/62633	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/60011	third-party-advisory x_refsource_SECUNIA x_transferred
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce	x_refsource_CONFIRM x_transferred

Hyperlink: https://www.securitymouse.com/lms-2014-06-16-2

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: http://www.ubuntu.com/usn/USN-2418-1

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-0062.html

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1113899

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.ubuntu.com/usn/USN-2416-1

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: http://www.ubuntu.com/usn/USN-2417-1

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: http://www.securityfocus.com/bid/68214

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.ubuntu.com/usn/USN-2419-1

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2014/06/26/21

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: http://www.oberhumer.com/opensource/lzo/

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: http://secunia.com/advisories/60174

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.ubuntu.com/usn/USN-2421-1

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: http://www.ubuntu.com/usn/USN-2420-1

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://secunia.com/advisories/62633

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://secunia.com/advisories/60011

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce

Resource:

x_refsource_CONFIRM

x_transferred

2. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-190	CWE-190 Integer Overflow or Wraparound

Type: CWE

CWE ID: CWE-190

Description: CWE-190 Integer Overflow or Wraparound

Metrics

Version	Base score	Base severity	Vector
3.1	7.3	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Version: 3.1

Base score: 7.3

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References