GMS-2014-14: Remote code execution
An integer overflow can occur when processing any variant of a “literal run”. When certain payloads are processed, a pointer into the output buffer can be set to an address outside that buffer. Because the attacker can specify exact offsets in memory, it is very easy to create a reliable remote code execution exploit.
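The class of flaw described above, as an added example that is not taken from the affected library: a bounds check on a literal run that wraps, beside one that cannot. The record format, the function names and the 32-bit offset model are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed format for this example: each record is a 4-byte little-endian
 * run length followed by that many literal bytes. Offsets are 32-bit to
 * model address arithmetic on a 32-bit target. */

/* Flawed check: op + len wraps modulo 2^32, so a huge len can pass. */
static int run_fits_wrapping(uint32_t op, uint32_t len, uint32_t cap)
{
    return (uint32_t)(op + len) <= cap;
}

/* Hardened check: compare len with the space left; nothing can wrap. */
static int run_fits_checked(uint32_t op, uint32_t len, uint32_t cap)
{
    return op <= cap && len <= cap - op;
}

/* Decode literal runs from in[] into out[]. Returns the number of bytes
 * written, or -1 on truncated input or a run that does not fit. */
static long decode_literal_runs(const uint8_t *in, size_t in_len,
                                uint8_t *out, uint32_t cap)
{
    size_t ip = 0;
    uint32_t op = 0;
    while (ip < in_len) {
        if (in_len - ip < 4)
            return -1;                      /* truncated length field */
        uint32_t len = (uint32_t)in[ip] | (uint32_t)in[ip + 1] << 8 |
                       (uint32_t)in[ip + 2] << 16 | (uint32_t)in[ip + 3] << 24;
        ip += 4;
        if (len > in_len - ip)
            return -1;                      /* run longer than the input */
        if (!run_fits_checked(op, len, cap))
            return -1;                      /* run longer than the output */
        memcpy(out + op, in + ip, len);
        ip += len;
        op += len;
    }
    return (long)op;
}

int main(void)
{
    /* Constructed values: op = 16, hostile len = 0xFFFFFFF8, cap = 64. */
    printf("wrapping: %d, checked: %d\n", run_fits_wrapping(16, 0xFFFFFFF8u, 64),
           run_fits_checked(16, 0xFFFFFFF8u, 64));
    return 0;
}
```

The hardened form subtracts from the capacity instead of adding to the write position, so the comparison stays correct for every value of the attacker-supplied length.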