Vulnerability Details CVE-2014-125026
LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.4%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898
- https://github.com/cloudflare/golz4/issues/5
- https://pkg.go.dev/vuln/GO-2020-0022
- https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898
- https://github.com/cloudflare/golz4/issues/5
- https://pkg.go.dev/vuln/GO-2020-0022
Products affected by CVE-2014-125026
-
cpe:2.3:a:cloudflare:golz4:-