Vulnerability Details CVE-2014-125026
LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.4%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898
- https://github.com/cloudflare/golz4/issues/5
- https://pkg.go.dev/vuln/GO-2020-0022
- https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898
- https://github.com/cloudflare/golz4/issues/5
- https://pkg.go.dev/vuln/GO-2020-0022
Products affected by CVE-2014-125026
-
cpe:2.3:a:cloudflare:golz4:-