Vulnerability Database
Blog
FAQ
Docs
SUSE-SU-2021:1613-1
See a problem?
Please try reporting it
to the source
first.
Source
https://www.suse.com/support/update/announcement/2021/suse-su-20211613-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:1613-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2021:1613-1
Related
CVE-2019-17543
CVE-2021-3520
Published
2021-05-14T15:35:25Z
Modified
2021-05-14T15:35:25Z
Summary
Security update for lz4
Details
This update for lz4 fixes the following issues:
CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).
CVE-2019-17543: Fixed heap-based buffer overflow in LZ4_write32 (bsc#1153936).
References
https://www.suse.com/support/update/announcement/2021/suse-su-20211613-1/
https://bugzilla.suse.com/1153936
https://bugzilla.suse.com/1185438
https://www.suse.com/security/cve/CVE-2019-17543
https://www.suse.com/security/cve/CVE-2021-3520
Affected packages
SUSE:Linux Enterprise Software Development Kit 12 SP5
/
lz4
Package
Name
lz4
Purl
pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1.8.0-3.3.1
Ecosystem specific
{ "binaries": [ { "liblz4-1": "1.8.0-3.3.1" } ] }
SUSE-SU-2021:1613-1 - OSV