fixing off-by-one error in lz4.c
Issue #25
resolved
LZ4 is subject to a heap-based overflow in some use cases. More details found here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-17543
Fix can be made by adding one symbol in lz4.c, found here: https://github.com/lz4/lz4/commit/d7cad81093cd805110291f84d64d385557d0ffba
Since pull requests are not enabled, hopefully this issue finds you well :D
Comments (2)
repo owner - Thanks, I have updated the LZ4 module to v1.9.3.
repo owner - changed status to resolved