Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-3156

Whether the CVE-2019-17543 vulnerability of lz affects kudu

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Information Provided
    • Affects Version/s: 1.8.0
    • Fix Version/s: n/a
    • Component/s: None
    • Labels:
      None

      Description

      LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."      

      Whether the CVE-2019-17543 vulnerability of lz affects kudu? if yes, what is the impact?

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              yejiabao_h yejiabao_h
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: