PT-2023-8389 · Unknown+3 · Snappy-Java+4
Flabbergastedbd +2 · Published 2023-09-25 · Updated 2026-05-18 · CVE-2023-43642
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
snappy-java versions 1.1.10.3 and earlier
Description
The SnappyInputStream in snappy-java is vulnerable to Denial of Service (DoS) when decompressing data with an excessively large chunk size: there is no upper bound check on the chunk length, so such input can cause an unrecoverable fatal error. Users are advised to upgrade to a newer version. Users unable to upgrade should only accept compressed data from trusted sources.
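The class of bug described above, shown as an added example (not snappy-java's code and not taken from the fix commit): a reader for a length-prefixed chunk that validates the declared length before allocating. The framing (4-byte big-endian length followed by the payload), the class name `BoundedChunkReader` and the 64 MiB limit are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;

public class BoundedChunkReader {
    // Assumed policy limit for this example; size it to the largest chunk you expect.
    static final int MAX_CHUNK_BYTES = 64 * 1024 * 1024;

    /** Reads one [4-byte big-endian length][payload] chunk (assumed framing). */
    static byte[] readChunk(InputStream in, int maxChunkBytes) throws IOException {
        DataInputStream din = new DataInputStream(in);
        int len = din.readInt(); // value comes straight from untrusted input

        // Without this check, `new byte[len]` below is sized by the sender.
        // A huge value raises OutOfMemoryError, a java.lang.Error that
        // ordinary `catch (Exception e)` handlers do not intercept.
        if (len < 0 || len > maxChunkBytes) {
            throw new IOException("chunk length out of range: " + len);
        }

        byte[] buf = new byte[len]; // allocation is now bounded by policy
        din.readFully(buf);         // throws EOFException if the payload is short
        return buf;
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: a valid 3-byte chunk, and a bare header
        // that declares 0x7FFFFFF0 bytes with no payload behind it.
        byte[] ok = {0, 0, 0, 3, 'a', 'b', 'c'};
        byte[] hostile = {0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xF0};

        byte[] chunk = readChunk(new ByteArrayInputStream(ok), MAX_CHUNK_BYTES);
        System.out.println("accepted chunk of " + chunk.length + " bytes");

        try {
            readChunk(new ByteArrayInputStream(hostile), MAX_CHUNK_BYTES);
        } catch (IOException e) {
            // A recoverable, checked failure instead of a fatal JVM error.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The four-byte hostile input is rejected before any allocation happens, so the caller can drop the stream and continue serving other requests.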
Recommendations
For versions 1.1.10.3 and earlier, upgrade to version 1.1.10.4 or later, which includes the fix introduced in commit 9f8c3cf74.
As a temporary workaround, consider only accepting compressed data from trusted sources until a patch is available.
Exploit
Fix
DoS
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Bitbucket
Debian
Jira
Snappy-Java