{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-62813", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-10-23T14:35:28.147Z", "dateReserved": "2025-10-23T00:00:00.000Z", "datePublished": "2025-10-23T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "LZ4", "vendor": "LZ4 project", "versions": [{"lessThanOrEqual": "1.10.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-158", "description": "CWE-158 Improper Neutralization of Null Byte or NUL Character", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-10-23T03:13:57.382Z"}, "references": [{"url": "https://github.com/lz4/lz4/pull/1593"}, {"url": "https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:lz4_project:lz4:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.10.0"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-23T13:22:23.284834Z", "id": "CVE-2025-62813", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-23T14:35:28.147Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-62813", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-23T13:22:23.284834Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-23T13:26:30.307Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}}], "affected": [{"vendor": "LZ4 project", "product": "LZ4", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.10.0"}], "defaultStatus": "unknown"}], "references": [{"url": "https://github.com/lz4/lz4/pull/1593"}, {"url": "https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-158", "description": "CWE-158 Improper Neutralization of Null Byte or NUL Character"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lz4_project:lz4:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "1.10.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-10-23T03:13:57.382Z"}}}, "cveMetadata": {"cveId": "CVE-2025-62813", "state": "PUBLISHED", "dateUpdated": "2025-10-23T14:35:28.147Z", "dateReserved": "2025-10-23T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-10-23T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks."}], "id": "CVE-2025-62813", "lastModified": "2025-10-23T04:17:26.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 4.0, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-10-23T04:17:26.350", "references": [{"source": "cve@mitre.org", "url": "https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82"}, {"source": "cve@mitre.org", "url": "https://github.com/lz4/lz4/pull/1593"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-158"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "lz4: LZ4 null handling error", "id": "2405977", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405977"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-158", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-62813", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "lz4", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "lz4", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "lz4", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "lz4", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-10-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-62813\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-62813\nhttps://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82\nhttps://github.com/lz4/lz4/pull/1593"], "threat_severity": "Moderate"}