CVE-2023-43642

Published: 25/09/2023 Updated: 26/09/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

snappy-java is a Java port of Snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too-large chunk size. Due to a missing upper-bound check on the chunk length, an unrecoverable fatal error can occur. All versions of snappy-java, including the latest released version 1.1.10.3, are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` and will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.

Vulnerable Product

xerial snappy-java

Vendor Advisories

Debian Bug report logs - #1053474 snappy-java: CVE-2023-43642. Package: src:snappy-java; Maintainer for src:snappy-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 4 Oct 2023 19:45:02 UTC; Severity: important; Tags: security ...
Synopsis: Important: Red Hat build of Quarkus 2.13.9 release and security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a de ...
Summary: Important: Red Hat build of Quarkus 3.2.9 release and security update. Type/Severity: Security Advisory: Important. Topic: A new release of the Red Hat build of Quarkus is now available. This new release comes packed with a host of enhancements, bug fixes, and security fixes. Red Hat Product Security has rated this update as ha ...
Description: A flaw was found in SnappyInputStream in snappy-java, a data compression library in Java. This issue occurs when decompressing data with a too-large chunk size due to a missing upper bound check on chunk length. An unrecoverable fatal error can occur, resulting in a Denial of Service (DoS) ...