CVE-2025-12183
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-28
Last updated on: 2025-12-01
Assigner: Sonatype
Description
Description
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| org.lz4 | lz4-java | 1.8.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves out-of-bounds memory operations in the org.lz4:lz4-java library version 1.8.0 and earlier. It allows remote attackers to cause a denial of service and read adjacent memory by providing untrusted compressed input.
How can this vulnerability impact me? :
The vulnerability can lead to denial of service, disrupting the availability of affected systems. Additionally, it can allow attackers to read adjacent memory, potentially exposing sensitive information.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70