blob: ba0056babebbe20be19c262c5dc6fc4fc7373229 [file] [log] [blame]
packages:
- module: github.com/cloudflare/golz4
symbols:
- Uncompress
versions:
- fixed: 0.0.0-20140711154735-199f5f787806
description: |
LZ4 bindings use a deprecated C API that is vulnerable to
memory corruption, which could lead to arbitrary code execution
if called with untrusted user input.
published: 2021-04-14T20:04:52Z
credit: Yann Collet
links:
commit: https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898
context:
- https://github.com/cloudflare/golz4/issues/5