reports/GO-2020-0022.yaml - vulndb - Git at Google

 packages:
   - module: github.com/cloudflare/golz4
     symbols:
       - Uncompress
     versions:
       - fixed: 0.0.0-20140711154735-199f5f787806
 description: |
     LZ4 bindings use a deprecated C API that is vulnerable to
     memory corruption, which could lead to arbitrary code execution
     if called with untrusted user input.
 published: 2021-04-14T20:04:52Z
 credit: Yann Collet
 cve_metadata:
     id: CVE-2014-125026
     cwe: "CWE 94: Improper Control of Generation of Code ('Code Injection')"
 links:
     commit: https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898
     context:
       - https://github.com/cloudflare/golz4/issues/5
	packages:
	- module: github.com/cloudflare/golz4
	symbols:
	- Uncompress
	versions:
	- fixed: 0.0.0-20140711154735-199f5f787806
	description: \|
	LZ4 bindings use a deprecated C API that is vulnerable to
	memory corruption, which could lead to arbitrary code execution
	if called with untrusted user input.
	published: 2021-04-14T20:04:52Z
	credit: Yann Collet
	cve_metadata:
	id: CVE-2014-125026
	cwe: "CWE 94: Improper Control of Generation of Code ('Code Injection')"
	links:
	commit: https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898
	context:
	- https://github.com/cloudflare/golz4/issues/5