CNNVD-202511-3009 Information

CNNVD ID

CNNVD-202511-3009

Related CVE

CVE-2025-12183

• CNNVD Published: 2025-11-28

Description (Chinese)

LZ4 Java是Jonas Konrad个人开发者的一个Java的压缩库。 LZ4 Java 1.8.0及之前版本存在安全漏洞，该漏洞源于处理不可信压缩输入时存在越界内存操作，可能导致拒绝服务和内存读取。

Description (English)

LZ4 Java is a Java compressor of Jonas Konrad’s personal developer. LZ4 Java 1.8.0 and previous versions have a security loophole, which stems from cross-border memory operations when dealing with untrustworthy compressed inputs, which may lead to denial of service and access to memory.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-28

Last Modified

2026-02-24

References

https://github.com/yawkat/lz4-java/releases/tag/v1.8.1 https://sites.google.com/sonatype.com/vulnerabilities/cve-2025-12183 https://www.oracle.com/security-alerts/cpujan2026.html

Patch

https://github.com/yawkat/lz4-java/releases