THREATOPS
THREAT OPSThreat News › [NVD] CVE-2026-32829 (HIGH 7.5) — lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly val

[NVD] CVE-2026-32829 (HIGH 7.5) — lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly val

lownvdPublished 2026-03-20

CVE-2026-32829 CVSS: 7.5 HIGH Published: 2026-03-20T01:15:56.277

lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values during LZ4 "match copy operations,

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-32829