PatchSiren

PSeitz CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH PSeitz CVE published 2026-03-20

CVE-2026-32829

CVE-2026-32829 is a vulnerability in lz4_flex, a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values during LZ4 'match copy operations,' allowing out-of-bounds reads from the [truncated]