{"id":"GHSA-4wp2-8rm2-jgmh","summary":"LZ4 vulnerable to Out-of-bounds Write","details":"LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.","aliases":["CVE-2014-125026","GO-2020-0022"],"modified":"2024-05-20T19:43:07Z","published":"2022-12-28T00:30:23Z","database_specific":{"severity":"CRITICAL","nvd_published_at":"2022-12-27T22:15:00Z","cwe_ids":["CWE-787"],"github_reviewed":true,"github_reviewed_at":"2023-01-09T21:49:10Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2014-125026"},{"type":"WEB","url":"https://github.com/cloudflare/golz4/issues/5"},{"type":"WEB","url":"https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898"},{"type":"PACKAGE","url":"https://github.com/cloudflare/golz4"},{"type":"WEB","url":"https://pkg.go.dev/vuln/GO-2020-0022"}],"affected":[{"package":{"name":"github.com/cloudflare/golz4","ecosystem":"Go","purl":"pkg:golang/github.com/cloudflare/golz4"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.0-20140711154735-199f5f787806"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-4wp2-8rm2-jgmh/GHSA-4wp2-8rm2-jgmh.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}