PT-2023-8389 · Unknown+3 · Snappy-Java+4

Flabbergastedbd +2 · Published 2023-09-25 · Updated 2026-05-18 · CVE-2023-43642

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: snappy-java versions 1.1.10.3 and earlier

Description: The SnappyInputStream in snappy-java is vulnerable to Denial of Service (DoS) attacks when decompressing data whose chunk size is too large. The chunk length has no upper bound check, which can cause an unrecoverable fatal error. Users are advised to upgrade to a newer version. Users unable to upgrade should only accept compressed data from trusted sources.

Recommendations: For versions 1.1.10.3 and earlier, upgrade to version 1.1.10.4 or later, which includes the fix introduced in commit 9f8c3cf74. As a temporary workaround, consider only accepting compressed data from trusted sources until a patch is available.
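
The class of bug described above, shown as an added example that is not snappy-java's code: a reader for a simplified length-prefixed chunk framing, once without and once with an upper bound on the declared length. The class name, method names, framing and the `MAX_CHUNK_SIZE` value are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;

public class BoundedChunkReader {
    // Assumed limit for this example; choose one that fits the workload.
    static final int MAX_CHUNK_SIZE = 64 * 1024 * 1024;

    // Unsafe pattern: the 4-byte length read from the stream sizes the buffer
    // directly, so an oversized value can end in OutOfMemoryError.
    static byte[] readChunkUnbounded(DataInputStream in) throws IOException {
        int len = in.readInt();
        byte[] buf = new byte[len];
        in.readFully(buf);
        return buf;
    }

    // Hardened pattern: validate the declared length before allocating.
    static byte[] readChunkBounded(DataInputStream in, int maxChunkSize) throws IOException {
        int len = in.readInt();
        if (len < 0 || len > maxChunkSize) {
            throw new IOException("declared chunk length " + len
                    + " outside [0, " + maxChunkSize + "]");
        }
        byte[] buf = new byte[len];
        in.readFully(buf); // EOFException if the payload is shorter than declared
        return buf;
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: header declares 0x7FFFFFFF bytes, only 3 follow.
        byte[] hostile = {0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1, 2, 3};
        // Constructed input: header declares 3 bytes and 3 follow.
        byte[] benign = {0, 0, 0, 3, 1, 2, 3};

        byte[] ok = readChunkBounded(
                new DataInputStream(new ByteArrayInputStream(benign)), MAX_CHUNK_SIZE);
        System.out.println("benign chunk accepted, " + ok.length + " bytes");

        try {
            readChunkBounded(
                    new DataInputStream(new ByteArrayInputStream(hostile)), MAX_CHUNK_SIZE);
        } catch (IOException e) {
            System.out.println("hostile chunk rejected: " + e.getMessage());
        }
    }
}
```

Rejecting with a checked `IOException` lets the caller drop the one bad stream and keep serving, instead of failing the whole JVM on an allocation error.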

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2024-00588
CLEANSTART-2026-DD05788
CLEANSTART-2026-VH41554
CVE-2023-43642
GHSA-55G7-9CWV-5QFV
OESA-2023-1700

Affected Products

Astra Linux
Bitbucket
Debian
Jira
Snappy-Java