
Description

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause a denial of service and read adjacent memory via untrusted compressed input.

State PUBLISHED | Reserved 2025-10-24 | Published 2025-11-28 | Updated 2025-12-01 | Assigner Sonatype




HIGH: 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-125 Out-of-bounds Read

Product status

Default status: unaffected

1.0.0 (semver): affected (the description above gives the affected range as 1.8.0 and earlier; the patch reference below is release v1.8.1)
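The record gives the affected range (1.8.0 and earlier) and points at v1.8.1 as the patch release, so the first thing a practitioner needs is a way to find every pinned org.lz4:lz4-java version in a code base. The script below is an added example, not part of the CVE record or of the lz4-java project: it pulls the coordinate out of Maven pom.xml dependency blocks, Gradle coordinate strings and mvn dependency:tree output, compares the version against 1.8.1, and treats an unresolved Maven property or a qualified 1.8.1 pre-release (for example 1.8.1-SNAPSHOT) conservatively rather than calling it fixed. The build-file fragments embedded at the bottom are constructed sample input.

```python
"""Flag org.lz4:lz4-java versions affected by CVE-2025-12183 in build files.

Added example, not part of the CVE record. The affected range (1.8.0 and
earlier) and the first fixed release (1.8.1) come from the record; the
parsing and the sample build-file fragments are constructed for illustration.
"""
import re
from typing import List, Tuple

GROUP_ID = "org.lz4"
ARTIFACT_ID = "lz4-java"
FIRST_FIXED = (1, 8, 1)  # v1.8.1 is the patch release referenced by the record

# Gradle coordinates ('org.lz4:lz4-java:1.8.0') and `mvn dependency:tree`
# lines ("org.lz4:lz4-java:jar:1.8.0:compile"). The version token stops at
# whitespace, quotes, colons or '=' so lockfile suffixes are not swallowed.
COORD_RE = re.compile(r"org\.lz4:lz4-java(?::jar)?:(?P<ver>[0-9][\w.+-]*)")

# Maven pom.xml <dependency> blocks: groupId/artifactId/version are read per block.
DEP_BLOCK_RE = re.compile(r"<dependency>(.*?)</dependency>", re.S)


def _tag(block: str, name: str) -> str:
    """Return the text of <name>...</name> inside one <dependency> block, or ''."""
    m = re.search(rf"<{name}>\s*([^<]+?)\s*</{name}>", block)
    return m.group(1) if m else ""


def parse_version(version: str) -> Tuple[Tuple[int, ...], str]:
    """Split '1.8.1-SNAPSHOT' into ((1, 8, 1), '-SNAPSHOT')."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    return nums, m.group(2)


def is_affected(version: str) -> bool:
    """True for 1.8.0 and earlier. A qualified 1.8.1 (e.g. 1.8.1-SNAPSHOT) is
    treated as affected because it may predate the fix; anything later is clean."""
    nums, qualifier = parse_version(version)
    nums = nums + (0,) * max(0, 3 - len(nums))  # '1.8' compares like (1, 8, 0)
    if nums < FIRST_FIXED:
        return True
    return nums == FIRST_FIXED and qualifier != ""


def classify(version: str) -> str:
    """'affected', 'fixed', or 'unresolved' for a Maven property placeholder."""
    if version.startswith("${"):
        return "unresolved"  # resolve the property before judging it
    return "affected" if is_affected(version) else "fixed"


def scan_text(text: str) -> List[Tuple[str, str]]:
    """Return (version, verdict) for every lz4-java reference in build-file text."""
    findings: List[Tuple[str, str]] = []
    for block in DEP_BLOCK_RE.findall(text):
        if _tag(block, "groupId") == GROUP_ID and _tag(block, "artifactId") == ARTIFACT_ID:
            ver = _tag(block, "version")
            if ver:
                findings.append((ver, classify(ver)))
    for m in COORD_RE.finditer(text):
        findings.append((m.group("ver"), classify(m.group("ver"))))
    return findings


# Constructed sample input: one pom.xml fragment, one Gradle line, one
# `mvn dependency:tree` line. None of this comes from a real project.
SAMPLE_POM = """<dependencies>
  <dependency>
    <groupId>org.lz4</groupId>
    <artifactId>lz4-java</artifactId>
    <version>1.7.1</version>
  </dependency>
  <dependency>
    <groupId>org.lz4</groupId>
    <artifactId>lz4-java</artifactId>
    <version>${lz4.version}</version>
  </dependency>
</dependencies>
"""
SAMPLE_GRADLE = "implementation 'org.lz4:lz4-java:1.8.0'\n"
SAMPLE_TREE = "[INFO] +- org.lz4:lz4-java:jar:1.8.1:compile\n"

if __name__ == "__main__":
    for ver, verdict in scan_text(SAMPLE_POM + SAMPLE_GRADLE + SAMPLE_TREE):
        print(f"{ver:>16}  {verdict}")
```

The scan is deliberately textual so it works on whatever a build produces (a pom, a Gradle script, a lockfile, a dependency tree dump); a transitive dependency that only appears in the resolved tree is caught by the dependency:tree pattern, which is where the affected version usually hides.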

Credits

Jonas Konrad (Oracle Corp.): remediation developer

Marcono1234: remediation reviewer

References

www.openwall.com/lists/oss-security/2025/12/01/5

sites.google.com/sonatype.com/vulnerabilities/cve-2025-12183 third-party-advisory

github.com/yawkat/lz4-java/releases/tag/v1.8.1 patch

cve.org (CVE-2025-12183)

nvd.nist.gov (CVE-2025-12183)
