TL;DR
Editor's Note: The TL;DR of this long technical report can be summarized as:
- LZ4 was always critically vulnerable, whether in kernel or user-land
- Exploitation is easy regardless of the attack used (16MB or 2+MB)
- PoCs are written for Python 2.7 on 32-bit ARM/x86 (scroll to the end)
- Updating is critical for all consumers of LZ4, not just python-lz4
More here: http://blog.securitymouse.com/2014/07/hacking-cern-exploiting-python-lz4-for.html