packages: | |
- module: github.com/cloudflare/golz4 | |
symbols: | |
- Uncompress | |
versions: | |
- fixed: 0.0.0-20140711154735-199f5f787806 | |
description: | | |
LZ4 bindings use a deprecated C API that is vulnerable to | |
memory corruption, which could lead to arbitrary code execution | |
if called with untrusted user input. | |
published: 2021-04-14T20:04:52Z | |
credit: Yann Collet | |
links: | |
commit: https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898 | |
context: | |
- https://github.com/cloudflare/golz4/issues/5 |