CVE-2018-16985 - Vulnerability Details - OpenCVE

In Lizard (formerly LZ5) 2.0, use of an invalid memory address was discovered in LZ5_compress_continue in lz5_compress.c, related to LZ5_compress_fastSmall and MEM_read32. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00536.

Key SSVC decision points have not yet been added.

Vendors	Products
Lizard Project	Lizard

Configuration 1 [-]

cpe:2.3:a:lizard_project:lizard:2.0:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2018-8769	In Lizard (formerly LZ5) 2.0, use of an invalid memory address was discovered in LZ5_compress_continue in lz5_compress.c, related to LZ5_compress_fastSmall and MEM_read32. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/inikep/lizard/issues/18

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-09-13T14:00:00

Updated: 2024-08-05T10:39:59.059Z

Reserved: 2018-09-13T00:00:00

Link: CVE-2018-16985

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-09-13T14:29:00.327

Modified: 2024-11-21T03:53:39.213

Link: CVE-2018-16985

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-09-13T00:00:00", "descriptions": [{"lang": "en", "value": "In Lizard (formerly LZ5) 2.0, use of an invalid memory address was discovered in LZ5_compress_continue in lz5_compress.c, related to LZ5_compress_fastSmall and MEM_read32. The vulnerability causes a segmentation fault and application crash, which leads to denial of service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-13T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/inikep/lizard/issues/18"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16985", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Lizard (formerly LZ5) 2.0, use of an invalid memory address was discovered in LZ5_compress_continue in lz5_compress.c, related to LZ5_compress_fastSmall and MEM_read32. The vulnerability causes a segmentation fault and application crash, which leads to denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/inikep/lizard/issues/18", "refsource": "MISC", "url": "https://github.com/inikep/lizard/issues/18"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:39:59.059Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/inikep/lizard/issues/18"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16985", "datePublished": "2018-09-13T14:00:00", "dateReserved": "2018-09-13T00:00:00", "dateUpdated": "2024-08-05T10:39:59.059Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lizard_project:lizard:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7C2DFB4A-224B-49A4-8CE0-41B2945B697C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Lizard (formerly LZ5) 2.0, use of an invalid memory address was discovered in LZ5_compress_continue in lz5_compress.c, related to LZ5_compress_fastSmall and MEM_read32. The vulnerability causes a segmentation fault and application crash, which leads to denial of service."}, {"lang": "es", "value": "En Lizard (formerly LZ5) 2.0, se ha descubierto el uso de una direcci\u00f3n de memoria inv\u00e1lida en LZ5_compress_continue en lz5_compress.c, relacionado con LZ5_compress_fastSmall y MEM_read32. Esta vulnerabilidad causa un error de segmentaci\u00f3n y el cierre inesperado de la aplicaci\u00f3n, lo que da lugar a una denegaci\u00f3n de servicio."}], "id": "CVE-2018-16985", "lastModified": "2024-11-21T03:53:39.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-13T14:29:00.327", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/inikep/lizard/issues/18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/inikep/lizard/issues/18"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}