vulnerability
Arch Linux: Denial of service (CVE-2021-3520)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jun 2, 2021 | Jul 11, 2025 | Nov 27, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jun 2, 2021
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
A vulnerability was found in lz4, where a potential memory corruption due to an integer overflow bug caused one of the memmove arguments to become negative. Depending on how the library was compiled this will hit an assert() inside the library and dump core, leaving a 4GB core file, or it wil go into libc and crash inside the memmove() function.
Solution
arch-linux-upgrade-latest
References
- CVE-2021-3520
- https://attackerkb.com/topics/CVE-2021-3520
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1954559
- URL-https://security.archlinux.org/ASA-202105-27
- URL-https://security.netapp.com/advisory/ntap-20211104-0005/
- URL-https://www.oracle.com//security-alerts/cpujul2021.html
- URL-https://www.oracle.com/security-alerts/cpuapr2022.html
- URL-https://www.oracle.com/security-alerts/cpuoct2021.html
- CWE-190
- CWE-787
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.