CVE-2014-125026

Summary

LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.

Affected Software

VendorProductVersion RangeStatus
github.com/cloudflare/golz4github.com/cloudflare/golz40 < 0.0.0-20140711154735-199f5f787806affected

Weaknesses

  • CWE 94: Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References