[KUDU-3156] Whether the CVE-2019-17543 vulnerability of lz affects kudu - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Information Provided
Affects Version/s: 1.8.0
Fix Version/s: n/a
Component/s: None
Labels:
None

Description

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

Whether the CVE-2019-17543 vulnerability of lz affects kudu? if yes, what is the impact?

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: yejiabao_h

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 22/Jun/20 02:20

Updated:: 09/Jul/20 17:50

Resolved:: 09/Jul/20 17:50