CNNVD-202512-643 Information

CNNVD ID

CNNVD-202512-643

Related CVE

CVE-2025-66566

• CNNVD Published: 2025-12-05

Description (Chinese)

LZ4 Java是Jonas Konrad个人开发者的一个Java的压缩库。 LZ4 Java 1.10.0及之前版本存在安全漏洞，该漏洞源于输出缓冲区清除不足，可能导致敏感数据泄露。

Description (English)

LZ4 Java is a Java compressor of Jonas Konrad’s personal developer. LZ4 Java 1.10.0 and previous versions had a security loophole, which stemmed from inadequate clearance of the export buffer zone and could lead to the leakage of sensitive data.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-12-05

Last Modified

2026-02-24

References

https://github.com/yawkat/lz4-java/commit/33d180cb70c4d93c80fb0dc3ab3002f457e93840 https://github.com/yawkat/lz4-java/security/advisories/GHSA-cmp6-m4wj-q63q https://www.oracle.com/security-alerts/cpujan2026.html

Patch

https://github.com/yawkat/lz4-java/releases