CVE-2014-4608

Published: Jul 3, 2014Modified: May 6, 2026

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype.

Affected (8)

Products: Linux: Linux Kernel · Opensuse: Opensuse · Suse: Linux Enterprise Real Time Extension, Linux Enterprise Server · +1 more

Show all products

Linux: Linux Kernel · Opensuse: Opensuse · Suse: Linux Enterprise Real Time Extension, Linux Enterprise Server · Canonical: Ubuntu Linux

1 product

1 product

2 products

Linux Enterprise Real Time Extension

Linux Enterprise Server

Canonical

1 product

Ubuntu Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 3.15.2

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.4
Suse Linux Enterprise Real Time Extension	Version 11 sp3
Suse Linux Enterprise Server	Version 11 sp2

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10

Related CWEs

CWE-190

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (44)

http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html

Source: cve@mitre.org

Third Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0062.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/60011

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/60174

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/62633

Source: cve@mitre.org

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2

Source: cve@mitre.org

Release NotesVendor Advisory

http://www.oberhumer.com/opensource/lzo/

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/06/26/21

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/68214

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2416-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2417-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2418-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2419-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2420-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2421-1

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1113899

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce

Source: cve@mitre.org

PatchThird Party Advisory

https://www.securitymouse.com/lms-2014-06-16-2

Source: cve@mitre.org

Broken Link

http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html