{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-26T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says \"the Linux kernel is *not* affected; media hype."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-06-02T16:57:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.securitymouse.com/lms-2014-06-16-2"}, {"name": "SUSE-SU-2015:0736", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"}, {"name": "USN-2418-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2418-1"}, {"name": "RHSA-2015:0062", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113899"}, {"name": "USN-2416-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2416-1"}, {"name": "USN-2417-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2417-1"}, {"name": "68214", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68214"}, {"name": "USN-2419-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2419-1"}, {"name": "[oss-security] 20140626 LMS-2014-06-16-2: Linux Kernel LZO", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/06/26/21"}, {"name": "SUSE-SU-2015:0481", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.oberhumer.com/opensource/lzo/"}, {"name": "openSUSE-SU-2015:0566", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"}, {"name": "60174", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60174"}, {"name": "USN-2421-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2421-1"}, {"name": "USN-2420-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2420-1"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html"}, {"name": "62633", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62633"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"}, {"name": "60011", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60011"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4608", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says \"the Linux kernel is *not* affected; media hype.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.securitymouse.com/lms-2014-06-16-2", "refsource": "MISC", "url": "https://www.securitymouse.com/lms-2014-06-16-2"}, {"name": "SUSE-SU-2015:0736", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"}, {"name": "USN-2418-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2418-1"}, {"name": "RHSA-2015:0062", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html"}, {"name": "https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1113899", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113899"}, {"name": "USN-2416-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2416-1"}, {"name": "USN-2417-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2417-1"}, {"name": "68214", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68214"}, {"name": "USN-2419-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2419-1"}, {"name": "[oss-security] 20140626 LMS-2014-06-16-2: Linux Kernel LZO", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/06/26/21"}, {"name": "SUSE-SU-2015:0481", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"}, {"name": "http://www.oberhumer.com/opensource/lzo/", "refsource": "MISC", "url": "http://www.oberhumer.com/opensource/lzo/"}, {"name": "openSUSE-SU-2015:0566", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"}, {"name": "60174", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60174"}, {"name": "USN-2421-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2421-1"}, {"name": "USN-2420-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2420-1"}, {"name": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "refsource": "MISC", "url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html"}, {"name": "62633", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62633"}, {"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"}, {"name": "60011", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60011"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=206a81c18401c0cde6e579164f752c4b147324ce", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=206a81c18401c0cde6e579164f752c4b147324ce"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:20:26.745Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.securitymouse.com/lms-2014-06-16-2"}, {"name": "SUSE-SU-2015:0736", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"}, {"name": "USN-2418-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2418-1"}, {"name": "RHSA-2015:0062", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113899"}, {"name": "USN-2416-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2416-1"}, {"name": "USN-2417-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2417-1"}, {"name": "68214", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68214"}, {"name": "USN-2419-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2419-1"}, {"name": "[oss-security] 20140626 LMS-2014-06-16-2: Linux Kernel LZO", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/06/26/21"}, {"name": "SUSE-SU-2015:0481", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.oberhumer.com/opensource/lzo/"}, {"name": "openSUSE-SU-2015:0566", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"}, {"name": "60174", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60174"}, {"name": "USN-2421-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2421-1"}, {"name": "USN-2420-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2420-1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html"}, {"name": "62633", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62633"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"}, {"name": "60011", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60011"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-190", "lang": "en", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-04-18T16:18:41.067428Z", "id": "CVE-2014-4608", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-27T21:07:41.975Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4608", "datePublished": "2014-07-03T01:00:00.000Z", "dateReserved": "2014-06-23T00:00:00.000Z", "dateUpdated": "2025-01-27T21:07:41.975Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.securitymouse.com/lms-2014-06-16-2", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html", "name": "SUSE-SU-2015:0736", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/USN-2418-1", "name": "USN-2418-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html", "name": "RHSA-2015:0062", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113899", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/USN-2416-1", "name": "USN-2416-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/USN-2417-1", "name": "USN-2417-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/68214", "name": "68214", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/USN-2419-1", "name": "USN-2419-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2014/06/26/21", "name": "[oss-security] 20140626 LMS-2014-06-16-2: Linux Kernel LZO", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html", "name": "SUSE-SU-2015:0481", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://www.oberhumer.com/opensource/lzo/", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html", "name": "openSUSE-SU-2015:0566", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://secunia.com/advisories/60174", "name": "60174", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/USN-2421-1", "name": "USN-2421-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/USN-2420-1", "name": "USN-2420-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://secunia.com/advisories/62633", "name": "62633", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://secunia.com/advisories/60011", "name": "60011", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:20:26.745Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2014-4608", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-18T16:18:41.067428Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T20:13:40.396Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-26T00:00:00.000Z", "references": [{"url": "https://www.securitymouse.com/lms-2014-06-16-2", "tags": ["x_refsource_MISC"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html", "name": "SUSE-SU-2015:0736", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://www.ubuntu.com/usn/USN-2418-1", "name": "USN-2418-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html", "name": "RHSA-2015:0062", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113899", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.ubuntu.com/usn/USN-2416-1", "name": "USN-2416-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://www.ubuntu.com/usn/USN-2417-1", "name": "USN-2417-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://www.securityfocus.com/bid/68214", "name": "68214", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://www.ubuntu.com/usn/USN-2419-1", "name": "USN-2419-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://www.openwall.com/lists/oss-security/2014/06/26/21", "name": "[oss-security] 20140626 LMS-2014-06-16-2: Linux Kernel LZO", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html", "name": "SUSE-SU-2015:0481", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://www.oberhumer.com/opensource/lzo/", "tags": ["x_refsource_MISC"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html", "name": "openSUSE-SU-2015:0566", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://secunia.com/advisories/60174", "name": "60174", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://www.ubuntu.com/usn/USN-2421-1", "name": "USN-2421-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://www.ubuntu.com/usn/USN-2420-1", "name": "USN-2420-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "tags": ["x_refsource_MISC"]}, {"url": "http://secunia.com/advisories/62633", "name": "62633", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://secunia.com/advisories/60011", "name": "60011", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says \"the Linux kernel is *not* affected; media hype."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2015-06-02T16:57:00.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://www.securitymouse.com/lms-2014-06-16-2", "name": "https://www.securitymouse.com/lms-2014-06-16-2", "refsource": "MISC"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html", "name": "SUSE-SU-2015:0736", "refsource": "SUSE"}, {"url": "http://www.ubuntu.com/usn/USN-2418-1", "name": "USN-2418-1", "refsource": "UBUNTU"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html", "name": "RHSA-2015:0062", "refsource": "REDHAT"}, {"url": "https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce", "name": "https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce", "refsource": "CONFIRM"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113899", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1113899", "refsource": "CONFIRM"}, {"url": "http://www.ubuntu.com/usn/USN-2416-1", "name": "USN-2416-1", "refsource": "UBUNTU"}, {"url": "http://www.ubuntu.com/usn/USN-2417-1", "name": "USN-2417-1", "refsource": "UBUNTU"}, {"url": "http://www.securityfocus.com/bid/68214", "name": "68214", "refsource": "BID"}, {"url": "http://www.ubuntu.com/usn/USN-2419-1", "name": "USN-2419-1", "refsource": "UBUNTU"}, {"url": "http://www.openwall.com/lists/oss-security/2014/06/26/21", "name": "[oss-security] 20140626 LMS-2014-06-16-2: Linux Kernel LZO", "refsource": "MLIST"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html", "name": "SUSE-SU-2015:0481", "refsource": "SUSE"}, {"url": "http://www.oberhumer.com/opensource/lzo/", "name": "http://www.oberhumer.com/opensource/lzo/", "refsource": "MISC"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html", "name": "openSUSE-SU-2015:0566", "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/60174", "name": "60174", "refsource": "SECUNIA"}, {"url": "http://www.ubuntu.com/usn/USN-2421-1", "name": "USN-2421-1", "refsource": "UBUNTU"}, {"url": "http://www.ubuntu.com/usn/USN-2420-1", "name": "USN-2420-1", "refsource": "UBUNTU"}, {"url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "name": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", "refsource": "MISC"}, {"url": "http://secunia.com/advisories/62633", "name": "62633", "refsource": "SECUNIA"}, {"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2", "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2", "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/60011", "name": "60011", "refsource": "SECUNIA"}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=206a81c18401c0cde6e579164f752c4b147324ce", "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=206a81c18401c0cde6e579164f752c4b147324ce", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says \"the Linux kernel is *not* affected; media hype.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-4608", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2014-4608", "state": "PUBLISHED", "dateUpdated": "2025-01-27T21:07:41.975Z", "dateReserved": "2014-06-23T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2014-07-03T01:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "588069C4-9D69-48F6-913F-2FEB3E643870", "versionEndExcluding": "3.15.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3DB41B45-D94D-4A58-88B0-B3EC3EC350E2", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says \"the Linux kernel is *not* affected; media hype."}, {"lang": "es", "value": "** DISPUTADA ** M\u00faltiples desbordamientos de enteros en la funci\u00f3n lzo1x_decompress_safe en lib/lzo/lzo1x_decompress_safe.c en el descompresor LZO en el kernel de Linux anterior a 3.15.2 permiten a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un 'Literal Run' manipulado. NOTA: el autor de los algoritmos LZO algorithms dice que 'el kernel de Linux *no* est\u00e1 afectado; sensacionalismo period\u00edstico.'"}], "id": "CVE-2014-4608", "lastModified": "2025-01-27T21:15:09.147", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2014-07-03T04:22:15.310", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html"}, {"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60011"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60174"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/62633"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oberhumer.com/opensource/lzo/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/06/26/21"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/68214"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2416-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2417-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2418-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2419-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2420-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2421-1"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113899"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://www.securitymouse.com/lms-2014-06-16-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60011"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60174"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/62633"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oberhumer.com/opensource/lzo/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/06/26/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/68214"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2416-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2417-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2418-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2419-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2420-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2421-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113899"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://www.securitymouse.com/lms-2014-06-16-2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Don A. Bailey (Lab Mouse Security) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2014:1392", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-504.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2015:0062", "cpe": "cpe:/o:redhat:rhel_eus:6.5", "package": "kernel-0:2.6.32-431.46.2.el6", "product_name": "Red Hat Enterprise Linux 6.5 Extended Update Support", "release_date": "2015-01-20T00:00:00Z"}], "bugzilla": {"description": "kernel: lzo1x_decompress_safe() integer overflow", "id": "1113899", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113899"}, "csaw": false, "cvss": {"cvss_base_score": "6.0", "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "status": "verified"}, "cwe": "CWE-190", "details": ["Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says \"the Linux kernel is *not* affected; media hype.", "An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system."], "name": "CVE-2014-4608", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2014-06-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-4608\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4608"], "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 only support 64-bit architectures. Since exploiting this issue on 64-bit platforms is not feasible given the amount of input data that is necessary to trigger the integer overflow, we are currently not planning planning to fix this issue in Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2.", "threat_severity": "Low"}