Unknown · Snappy-Java · CVE-2023-43642
**Name of the Vulnerable Software and Affected Versions**
snappy-java versions 1.1.10.3 and earlier
**Description**
The SnappyInputStream in snappy-java is vulnerable to Denial of Service (DoS) attacks when decompressing data whose chunk size is too large: a missing upper bound check on chunk length can cause an unrecoverable fatal error. Users are advised to upgrade to a newer version. Users unable to upgrade should only accept compressed data from trusted sources.
**Recommendations**
For versions 1.1.10.3 and earlier, upgrade to version 1.1.10.4 or later, which includes the fix introduced in commit `9f8c3cf74`.
As a temporary workaround, accept compressed data only from trusted sources until the upgrade can be applied.
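
The bug class described above (a length field read from untrusted input and used without an upper bound) is shown below as an added example; it is not snappy-java's code or its fix. The 4-byte big-endian length prefix, the class and method names, and the 8 MiB cap are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;

public class BoundedChunkReader {
    // Assumed cap for this sketch; size it to the largest legitimate chunk you expect.
    static final int MAX_CHUNK_LEN = 8 * 1024 * 1024;

    // Unsafe pattern: the length taken from the stream drives the allocation directly.
    // A huge value can raise OutOfMemoryError (an Error, not an IOException, so typical
    // I/O error handling does not catch it); a negative one throws NegativeArraySizeException.
    static byte[] readChunkUnchecked(DataInputStream in) throws IOException {
        int len = in.readInt();
        byte[] buf = new byte[len];
        in.readFully(buf);
        return buf;
    }

    // Hardened pattern: validate the declared length before allocating anything.
    static byte[] readChunkChecked(DataInputStream in) throws IOException {
        int len = in.readInt();
        if (len < 0 || len > MAX_CHUNK_LEN) {
            throw new IOException("chunk length " + len
                    + " outside allowed range [0, " + MAX_CHUNK_LEN + "]");
        }
        byte[] buf = new byte[len];
        in.readFully(buf); // throws EOFException if the payload is shorter than declared
        return buf;
    }

    private static DataInputStream stream(byte[] data) {
        return new DataInputStream(new ByteArrayInputStream(data));
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: a 3-byte chunk, and a header declaring Integer.MAX_VALUE bytes.
        byte[] wellFormed = {0, 0, 0, 3, 'a', 'b', 'c'};
        byte[] oversized = {0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff};

        System.out.println("accepted chunk of " + readChunkChecked(stream(wellFormed)).length + " bytes");
        try {
            readChunkChecked(stream(oversized));
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Rejecting with an `IOException` keeps the failure on the caller's normal error path, so one malformed input fails one request rather than the whole JVM.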